Environment
Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration
Situation
Linux Access Gateway front ending a Web server. Authentication via
the Identity server for all the protected resources works fine.
When applying changes to the Access Gateway through the
Administration Console, the health check screen shows a yellow
rather than green colour after pushing the change.
Looking at the health status in more detail, the NTP service is reported as disabled but running.
Looking at the health status in more detail, the NTP service is reported as disabled but running.
Resolution
Modify the
Access Gateway configuration in the Admin Console manually using an
LDAP browser so that the "browse to AccessManagerContainer ->
VCDN_Root -> PartitionsContainer -> Partitions ->
AppliancesContainer and select the AG-* Access
Gateway device that you are experiencing the problems on. The easiest way of doing this is to go to
the 'Auditing' ->'General Logging' tab of the Access Manager
Administration Console and identifying your LAG ID from there (12AA
below). This ID corresponds to the first 4 digits of the ag-xxxx in
the LDAP browser.
3. go into the ag-xxxx container - you should see CurrentConfig and WorkingConfig containers within this ag container
4.Selecting both the CurrentConfig and WorkingConfig -> RomaAGConfigurationXMLDoc attribute, cut and paste the attribute value into any editor ... this is the config from the LAG!!!!
5. Search for the "TimeServer Enable=" string and make sure that the value is set to 1.
6. save the changes in the editor and cut and paste the changes back into the RomaAGConfigurationXMLDoc attribute above.
7. Make any change in the Admin COnsole for the Access Gateway and push that change back out to the device. The health check from this point on should be working fine.
Another possible source of error, assuming the config store has the TimeServer and Enable flags set correctly is that there may be an issue with the actual client on the machine not behaving correctly. Whenever we do a health check, we look at the
- "/var/lib/ntp/var/run/ntp/ntpd.pid" or the
- "/proc/cmdline"
Make sure that these files exist.
3. go into the ag-xxxx container - you should see CurrentConfig and WorkingConfig containers within this ag container
4.Selecting both the CurrentConfig and WorkingConfig -> RomaAGConfigurationXMLDoc attribute, cut and paste the attribute value into any editor ... this is the config from the LAG!!!!
5. Search for the "TimeServer Enable=" string and make sure that the value is set to 1.
6. save the changes in the editor and cut and paste the changes back into the RomaAGConfigurationXMLDoc attribute above.
7. Make any change in the Admin COnsole for the Access Gateway and push that change back out to the device. The health check from this point on should be working fine.
Another possible source of error, assuming the config store has the TimeServer and Enable flags set correctly is that there may be an issue with the actual client on the machine not behaving correctly. Whenever we do a health check, we look at the
- "/var/lib/ntp/var/run/ntp/ntpd.pid" or the
- "/proc/cmdline"
Make sure that these files exist.