Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Manager Interim release 2 applied
Linux Access Gateway build 85 applied
Situation
Linux Access Gateway (LAG) setup to protect an IBM iNotes server.
Authentication to an IDP server was required when accessing these
iNotes protected resources. Periodically, the Linux Access Gateway
would stop responding and the services would all be down. The only
option was to do a 'pgrep ics_dyn', locate the processID and kill
it with a 'kill -9 '. Once done, the proxy
services could be restarted with /etc/init.d/novell-vmc
restart.
Resolution
Apply the beta SP1 build of Access Manager.
The easiest way of determining what could have caused the issue was to run the debug logging on the LAG. Editing the /etc/laglogs and setting the proxy debug level to 7 (default 5), and then restarting the proxy services with /etc/init.d/novell-vmc restart will generate more verbose debugging info in the /var/log/ics_dyn.log file. From this file, we could see the following entries prior to the crash ...
Using this info, we could determine that the issue was related to a large download and gave us the info we needed to dup the problem succesfully.
The easiest way of determining what could have caused the issue was to run the debug logging on the LAG. Editing the /etc/laglogs and setting the proxy debug level to 7 (default 5), and then restarting the proxy services with /etc/init.d/novell-vmc restart will generate more verbose debugging info in the /var/log/ics_dyn.log file. From this file, we could see the following entries prior to the crash ...
In Urloverride::replaceContent, replacing
https://intranet.novell.com:443/iNotes/Forms5.nsf/h_ResourcesByName/trash.gif/$FILE/trash.gif?OpenElement&MaxExpires
with
/dmm-pitt.novell.com/iNotes/Forms5.nsf/h_ResourcesByName/trash.gif/$FILE/trash.gif?OpenElement&MaxExpires
---------------------------------
PROXY_AG:LargeDownload:0:Content Length Header written offset(16), len (11)
Source (99999999), sink (975785a4)
PROXY_AG:LargeDownload:0:Split number (0)
PROXY_AG:LargeDownload:0:Cached Web Item (975d71cc), request (984b4020)
PROXY_AG:LargeDownload:0:Not cached
PROXY_AG:LargeDownload:0:Split number (0)
PROXY_AG:LargeDownload:0:Cached Web Item (984acc4c), request (984b4020)
PROXY_AG:LargeDownload:0:Not cached
Source (99999999), sink (98543aa4)
PROXY_AG:LargeDownload:0:Start Fill
PROXY_AG:DataStream:0:Content received in sink DS (1448)
PROXY_AG:DataStream:0:Content received in sink DS (2896)
PROXY_AG:DataStream:0:Content received in sink DS (4344)
PROXY_AG:DataStream:0:Content received in sink DS (5860)
PROXY_AG:Rewriter0:Started Meta parse--------------
Using this info, we could determine that the issue was related to a large download and gave us the info we needed to dup the problem succesfully.