NTP Health check on Access Gateway reverts to "disabled, but running" after policy push

  • 3818076
  • 08-Aug-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration

Situation

A Linux Access Gateway is front-ending a Web server. Authentication via the Identity Server for all the protected resources works fine. After a change to the Access Gateway is applied and pushed through the Administration Console, the health check screen shows a yellow rather than green colour.

Looking at the health status in more detail, the NTP service is reported as disabled but running.

Resolution

Modify the Access Gateway configuration in the Admin Console manually using an LDAP browser:

1. Browse to AccessManagerContainer -> VCDN_Root -> PartitionsContainer -> Partitions -> AppliancesContainer and select the AG-* Access Gateway device that you are experiencing the problems on.

2. The easiest way of doing this is to go to the 'Auditing' -> 'General Logging' tab of the Access Manager Administration Console and identify your LAG ID from there (12AA below). This ID corresponds to the first 4 digits of the ag-xxxx in the LDAP browser.

3. Go into the ag-xxxx container. You should see CurrentConfig and WorkingConfig containers within this ag container.

4. In both the CurrentConfig and WorkingConfig containers, select the RomaAGConfigurationXMLDoc attribute, then cut and paste the attribute value into any editor. This is the config from the LAG.

5. Search for the "TimeServer Enable=" string and make sure that the value is set to 1.

6. Save the changes in the editor and cut and paste the changes back into the RomaAGConfigurationXMLDoc attribute above.

7. Make any change in the Admin Console for the Access Gateway and push that change back out to the device. From this point on, the health check should work correctly.





Another possible source of error, assuming the config store has the TimeServer and Enable flags set correctly, is that the actual client on the machine is not behaving correctly. Whenever we do a health check, we look at the

- "/var/lib/ntp/var/run/ntp/ntpd.pid" or the
- "/proc/cmdline"



Make sure that these files exist.
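
The checks from steps 4 and 5 and the file check above can be scripted. The following is an added example, not part of the original TID or of Access Manager itself: it assumes each RomaAGConfigurationXMLDoc value has been saved to a local file and that the flag is written as `TimeServer Enable="N"`; the file names, the root-prefix parameter and the sample XML are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original TID. Assumes each RomaAGConfigurationXMLDoc
# value was saved to a local file and the flag is written as TimeServer Enable="N".

# Print the Enable value of every TimeServer element in a saved config, one per line.
timeserver_enable_values() {
    # Join lines first so a tag broken across a line wrap is still matched.
    tr '\n' ' ' < "$1" |
        grep -o 'TimeServer[[:space:]][[:space:]]*Enable="[^"]*"' |
        sed 's/.*Enable="\([^"]*\)"/\1/'
}

# 0 = every TimeServer element is enabled, 1 = at least one is not, 2 = none found.
config_ntp_enabled() {
    vals=$(timeserver_enable_values "$1")
    [ -n "$vals" ] || return 2
    for v in $vals; do
        [ "$v" = "1" ] || return 1
    done
    return 0
}

# List which of the two files named on the page are missing.
# $1 is an optional root prefix (hypothetical, for checking a copied file tree).
missing_health_files() {
    for f in /var/lib/ntp/var/run/ntp/ntpd.pid /proc/cmdline; do
        [ -e "${1:-}$f" ] || echo "$f"
    done
}

# Constructed sample input: the element layout around TimeServer is invented.
demo() {
    dir=$(mktemp -d)
    printf '<Config>\n <TimeServer Enable="0" Name="ntp.example.com"/>\n</Config>\n' > "$dir/CurrentConfig.xml"
    printf '<Config>\n <TimeServer Enable="1" Name="ntp.example.com"/>\n</Config>\n' > "$dir/WorkingConfig.xml"
    for c in CurrentConfig WorkingConfig; do
        if config_ntp_enabled "$dir/$c.xml"; then
            echo "$c: TimeServer enabled"
        else
            echo "$c: TimeServer NOT enabled, set Enable to 1"
        fi
    done
    missing_health_files | sed 's/^/missing: /'
    rm -rf "$dir"
}
demo
```

Checking both saved copies catches the case where only one of CurrentConfig and WorkingConfig was corrected before the next push.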