Linux Access Gateway updates taking a long time to apply while staying in pending state

  • 7001917
  • 18-Nov-2008
  • 26-Apr-2012

Environment

Novell Access Manager 3 Access Administration
Novell Access Manager 3 Linux Access Gateway
Novell Access Manager 3 Support Pack 4 applied

Situation

The entire Access Manager configuration, including the Linux Access Gateway (LAG) and Identity (IDP) Server, is up and running without problems. The Admin Console is installed on an internal network and is separated from the LAG and IDP servers by a firewall. When applying a change on the LAG, the administrator noticed that the status would remain pending for up to an hour before the change was applied. While the change is pending, all users can continue to access the setup without any problems.

Resolution

Make sure that no communication problems exist between the LAG and the Audit Server it is configured to talk to. In the above case, a firewall change had been made that blocked TCP port 289 between the LAG and the Audit Server, causing the audit platform agent to fail to initialize correctly.

Additional Information

The key hint for troubleshooting the problem is an audit error (Error 9) at the start of the ics_dyn.log file in the /var/log directory on the LAG. Although the log file goes on to indicate that the audit platform agent has initialized successfully, the failure still blocks some LAG threads, which causes the updates to remain pending.

The JCC log files also contain entries such as the following:

Nov 10, 2008 5:13:14 PM com.novell.jcc.server.JCCServerImpl doCommand
INFO: Waiting for client idp-esp-FE532C7EAFAEF290 to be unlocked before executing: reconfigure
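
One way to script the three checks described in this article, as an added example that is not part of the original document or of Novell's tooling. The function names, the 200-line window, the literal `Error 9` match and the two-line JCC log layout are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch, not Novell code. Assumptions: the literal text
# "Error 9" appears in ics_dyn.log, and the JCC log uses the two-line
# layout (timestamp line, then INFO line) quoted in this article.

# Exit 0 if a TCP connection from this host to the Audit Server port opens.
audit_port_open() (
    host=$1; port=${2:-289}; secs=${3:-5}
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
)

# Print numbered "Error 9" lines found near the start of the log on stdin.
audit_init_errors() {
    head -n "${1:-200}" | grep -n -E 'Error 9([^0-9]|$)'
}

# Summarise "waiting to be unlocked" entries in a JCC log read from stdin:
# client id, queued command, occurrences, first and last timestamp.
jcc_locked_clients() {
    awk '
        /^[A-Z][a-z][a-z] [0-9]+, [0-9]+ / { stamp = $1 " " $2 " " $3 " " $4 " " $5 }
        /^INFO: Waiting for client .* to be unlocked before executing: / {
            key = $5 " " $NF
            if (!(key in first)) { first[key] = stamp; order[++n] = key }
            last[key] = stamp; count[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                printf "%s count=%d first=\"%s\" last=\"%s\"\n", k, count[k], first[k], last[k]
            }
        }'
}

# Sample JCC log: the first entry is the one quoted above, the later two
# are constructed repeats to show a command that stays queued.
sample_jcc_log() {
    cat <<'EOF'
Nov 10, 2008 5:13:14 PM com.novell.jcc.server.JCCServerImpl doCommand
INFO: Waiting for client idp-esp-FE532C7EAFAEF290 to be unlocked before executing: reconfigure
Nov 10, 2008 5:28:14 PM com.novell.jcc.server.JCCServerImpl doCommand
INFO: Waiting for client idp-esp-FE532C7EAFAEF290 to be unlocked before executing: reconfigure
Nov 10, 2008 5:43:14 PM com.novell.jcc.server.JCCServerImpl doCommand
INFO: Waiting for client idp-esp-FE532C7EAFAEF290 to be unlocked before executing: reconfigure
EOF
}

sample_jcc_log | jcc_locked_clients
```

On the LAG, `audit_port_open` takes the Audit Server address as its first argument and `audit_init_errors` reads /var/log/ics_dyn.log on standard input. A client that keeps the same queued command across a widening first-to-last interval matches the pending state described above.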