NetStorage "Error 500" on OES Linux

  • 3406928
  • 24-Jul-2007
  • 18-Aug-2015

Environment


Novell Open Enterprise Server (Linux based)

Situation

When visiting the NetStorage tool for drive mappings, the following issues appear :
  • NetStorage does not authenticate, but responds with an "Error 500" page
  • Other web tools successfully authenticate (e.g. iManager)
  • In the apache error log, the present error reads :
    [Wed Jul 26 21:25:17 2006] [crit] [client 192.168.0.229] configuration error:  couldn't check user.  No user file?: /oneNet/NetStorage, referer: https://85.37.17.247/NetStorage/contentframe.html
  • Owner permissions of /var/opt/novell/xtier/xregd do not belong to novlxregd .
  • In the /var/log/messages file the error is present after trying to start novell-xregd :
    Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XTRegEng -RegInitialize- Open database failure, error = 81052101
    Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XRegD -InitDbObjHolders- Exception caught instantiating DbObjHolder
    Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XTRegEng -RegInitialize- Open database failure, error = 00000000

Resolution

  1. Change to the /var/opt/novell/xtier directory ("cd /var/opt/novell/xtier").
  2. Ensure that LUM contains the novlxregd user by running :
    jlewis-test:/var/opt/novell/xtier/xregd/db # namuserlist novlxregd
    novlxregd:x:100:101:Novell XRegD System User:/var/opt/novell/xtier/xregd:/bin/false
    Rebuild the NSS ID's if necessary (running the nssid.sh utility - if a "command not found" error is received, try running the script using the full path : "/opt/novell/nss/bin/nssid.sh").
  3. Change the ownership of the xregd directory :
    chown -R novlxregd xregd
  4. Start the novell-xregd process ("/etc/init.d/novell-xregd start").
  5. Stop the novell-xsrvd process ("/etc/init.d/novell-xsrvd stop").
  6. Start the novell-xsrvd process again ("/etc/init.d/novell-xsrvd start").

Cause

Other causes of the same error could be:
 
A) The SSL private key file used by Apache (see SSLCertificateKeyFile directive in Apache2 configuration (by default in /etc/apache2/vhosts.d/vhost-ssl.conf) does not have the correct RSA format. It should start with the line "-----BEGIN RSA PRIVATE KEY-----", followed by the RSA private key itself and end with the line "-----END RSA PRIVATE KEY-----". To convert a private key file to proper RSA format, you can use 'openssl rsa -in input_file -out output_file'. For example, if the file /etc/ssl/servercerts/serverkey.pem is referenced by the directive SSLCertificateKeyFile in the Apache2 configuration, but is not of proper RSA format, you can convert it to proper RSA format per...:
 
# openssl rsa -in /etc/ssl/servercerts/serverkey.pem -out /etc/ssl/servercerts/serverkey-new.pem
 
...and change the SSLCertificateKeyFile directive in the Apache2 configuration to refer to /etc/ssl/servercerts/serverkey-new.pem instead.
 
 
NetStorage does not support Apache2 NSS security configuration. It only supports SSL security configuration. Please change your Apache2 configuration from NSS security to SSL security to take out this cause.

Additional Information

There are two processes required for xTier authentication, novell-xsrvd and novell-xregd. These can be checked for operation by running :
jlewis-test:~ # ps awx | grep reg
jlewis-test:~ # ps awx | grep srv
If the processes are present, there will be responses back after each one, similar to :
28927 ?        S      0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28928 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28929 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28930 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28937 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28956 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28968 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28978 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28987 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28998 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
29007 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
Then, attempt at restarting the missing service :
/etc/init.d/novell-xregd start
It will state that the package successfully started. This is not always the case. Check again for the xregd processes and the xsrvd processes. If they exist, NetStorage should be authenticating. If not, immediately tail /var/log/messages to check the error.

Ownerships from the /var/opt/novell/xtier directory:
oes2-linux:/var/opt/novell/xtier # ls -la
total 1
drwxrwx--- 4 novlxregd novlxtier 352 Feb 17 14:22 .
drwxr-xr-x 15 root root 384 Jan 29 13:45 ..
drwxrwx--- 3 novlxregd novlxtier 104 Feb 18 15:47 xregd
drwxrwx--- 3 novlxsrvd novlxtier 1192 Feb 18 15:47 xsrvd
...

Change Log

23 February 2010 - Nefi Munoz - Corrected "Ownerships from the /var/opt/novell/xtier directory" in "Additional Information" section