iManager - NetStorage error "Service not available. Possible cause: Unauthorized"

  • 3754329
  • 13-Sep-2006
  • 26-Apr-2012

Environment

Novell iManager 2.5
Novell iManager 2.6
Novell NetStorage
Novell Open Enterprise Server (OES)

Situation

When you connect a browser to iManager you sometimes get security warning pop up windows. Because of the SSL (https) connection required, the browser shows you anything it finds questionable about the certificate it gets back from the server. You can examine the certificate in more detail, and then decide to accept or reject the connection. You might be so used to clicking off these pop up windows, that you don't specifically remember what they say.

One of the things they typically say is that the certificate returned has a different name than the URL you connected to. This can happen if you connect using an IP address, and the certificate contains the DNS name (or the reverse
situation). Some of the iManager tasks require the plug-in to contact NetStorage. The plug-in uses the server name that the browser used to reach iManager and opens an internal https connection to NetStorage on the same box. If the SSL certificate does not contain a name that iManager can determine is indeed the same destination, then the https connection is aborted, and the plug-in is unable to process the request.

So the problem you see is expected behavior anytime there is a possible security violation. You are asking for admin information, and you may not be the admin, or you may be connecting to an impostor NetStorage. This problem usually occurs when the browser uses a different address than that on the SSL Certificate.

Resolution

If the server (on which iManager is running) cannot resolve the servers name to an IP address, then that would be one reason for the error. More likely, iManager does not like the SSL Certificate that comes back. The most likely reason for that is that the name on the certificate does not match the name on the URL. We cannot use any internal pop-ups like browsers do, so any problem with the SSL Certificate results in failure to connect. The plug-in doesn't know why it failed, but knows that it did fail and returns the generic "Service not available. Possible cause: Unauthorized" message to the browser.

If you want to use a DNS name to access iManager and perform NetStorage tasks, then you must create the server's SSL Certificate with the full DNS name of the server, and use that full DNS name in your browser. The full DNS name would be something like"oes.lab.novell.com", not the short name "oes". Remember that the browser and the iManager server may use different DNS servers to resolve names. The browser may successfully resolve a short name (oes) to the correct IP address while the server cannot. If the name used in the URL to access iManager cannot be resolved from the server, access will fail.