Cannot re-import Linux Access Gateway into Administration Console

  • 3450041
  • 25-Jul-2007
  • 05-Jun-2013

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server

Situation

An administrator wanted to remove the Linux Access Gateway (LAG) from the existing setup and re-import the device into the Administration Console (AC). To do so, the administrator manually deleted the LAG device under the Access Gateway section of the AC. The deletion appeared to succeed and no errors were reported.

The administrator then used the lagconfigure.sh script on the LAG to re-import the device into the AC. After selecting option 3 to re-import the proxy and nesp services, the administrator supplied the IP address and credentials for the AC. After a few minutes, the lagconfigure script finished with no errors reported. However, when the administrator looked at the AC, no LAG device was visible. Multiple re-installs failed to re-import the device into the AC.

Resolution

Fixed in 3.1 Support Pack 2 or greater.

For systems earlier than 3.1.2, use the following workaround:

First back up the AC configuration store with the ambkup.sh script. Then, using an LDAP browser, connect to the LDAP server on the Administration Console (this must be a secure LDAP session) and delete the following objects:

- ag* and idp-esp* objects and attributes from partition.PartitionsContainer.VCDN_ROOT.accessManagerContainer.novell

- the SCC* object that referenced the AG, in cluster.nids.accessManagerContainer.novell. Look at the nidsBaseURL attribute of each SCC* object to confirm that the object being deleted belongs to the Access Gateway and not to the IDP

- the idp-esp* object in server.nids.accessManagerContainer.novell

Once these objects are deleted, re-running the lagconfigure script (option 3) will allow the LAG to re-import successfully.
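The object selection in the workaround can be reviewed offline against an LDIF export of the configuration store before anything is deleted. The sketch below is an added example, not Novell code: it only lists objects (not the attributes mentioned in the first item) and deletes nothing. It assumes cn=/ou= RDNs in the export and that the Access Gateway's SCC* object is recognised by the host in nidsBaseURL matching the LAG address; all sample entries are constructed.

```python
import fnmatch
from urllib.parse import urlparse

# (container in the page's dot notation, name patterns, nidsBaseURL check needed?)
RULES = [
    ("partition.PartitionsContainer.VCDN_ROOT.accessManagerContainer.novell",
     ("ag*", "idp-esp*"), False),
    ("cluster.nids.accessManagerContainer.novell", ("SCC*",), True),
    ("server.nids.accessManagerContainer.novell", ("idp-esp*",), False),
]

# Constructed sample export; names, addresses and URL paths are made up.
SAMPLE_LDIF = """\
dn: cn=ag-EXAMPLE1,ou=Partition,ou=PartitionsContainer,ou=VCDN_ROOT,ou=accessManagerContainer,o=novell

dn: cn=SCCexample1,ou=cluster,ou=nids,ou=accessManagerContainer,o=novell
nidsBaseURL: https://192.0.2.10:443/nesp/

dn: cn=SCCexample2,ou=cluster,ou=nids,ou=accessManagerContainer,o=novell
nidsBaseURL: https://192.0.2.20:8443/nidp/

dn: cn=idp-esp-EXAMPLE1,ou=server,ou=nids,ou=accessManagerContainer,o=novell

dn: cn=idpEXAMPLE,ou=server,ou=nids,ou=accessManagerContainer,o=novell
"""

def parse_ldif(text):
    """Minimal reader: blank-line separated records, unfolded 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def deletion_candidates(ldif_text, lag_host):
    """Return (candidates, left_alone); left_alone holds SCC* DNs of other hosts."""
    candidates, left_alone = [], []
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        values = [rdn.split("=", 1)[1].strip() for rdn in dn.split(",")]
        name, parent = values[0].lower(), ".".join(values[1:]).lower()
        for container, patterns, check_url in RULES:
            if parent == container.lower() and any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns):
                hosts = {urlparse(u).hostname for u in entry.get("nidsbaseurl", [])}
                (left_alone if check_url and lag_host not in hosts else candidates).append(dn)
    return candidates, left_alone
```

Calling `deletion_candidates(SAMPLE_LDIF, "192.0.2.10")` returns the DNs to review for deletion and, separately, the SCC* objects that point at a different host and should be left in place.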