Environment
Situation
An upgrade was performed from Access Manager 3.04 to Access Manager 3.1.
When a connector certificate is replaced, a restart of Tomcat is needed.
An example is the certificate tied to the base URL of the IDP.
The restart is handled by a POSTUPDATE command, which was not changed during the upgrade.
As a result, it still points to tomcat4.
The app_sc.0.log file on the Administration Console shows the following:
Response from the device , deviceName ::idp-xxxxxxxxxx command ::CertKeyImport errCode :127 result::CertKeyImport Command Failed.
The JCC log on the IDP showed the following:
INFO: Executing /bin/bash -c "/etc/init.d/novell-tomcat4 restart"
INFO: Error! Return code: 127
Resolution
This has been reported to engineering as a bug.
Workarounds are:
1. When replacing the connector certificate, don't restart Tomcat
automatically. This prevents the post update commands from being run, but
requires a manual restart of Tomcat on the IDP server.
2. Re-install the device instead of upgrading it. This puts new
post update commands in the keystore_info.xml file, which point to the
correct Tomcat.
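
Return code 127 is what bash reports when the command it was asked to run cannot be found, which matches a post update command that still names the old init script. The following check is an added example, not part of the original article or the product: it lists every /etc/init.d script referenced in a file such as keystore_info.xml and reports the ones that are missing or not executable. The function name, its arguments and the assumption that the commands appear as plain text in the file are hypothetical; the file's real layout is not shown here.

```shell
#!/bin/sh
# Added example: find post update commands that reference an init script
# which is not present on this server (the cause of "Return code: 127").
# Assumption: the commands appear as plain text containing /etc/init.d/<name>.

# find_stale_init_refs FILE [ROOT]
#   FILE  file holding the post update commands (e.g. keystore_info.xml)
#   ROOT  optional path prefix of the filesystem to check; empty means the
#         live system. Useful for checking a mounted copy or a backup.
# Prints one stale script path per line.
# Returns 0 if every referenced script exists and is executable,
#         1 if at least one is stale, 2 if FILE cannot be read.
find_stale_init_refs() {
    file=$1
    root=${2:-}
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    stale=0
    # Extract each distinct init script path mentioned anywhere in the file.
    for path in $(grep -oE '/etc/init\.d/[A-Za-z0-9._-]+' "$file" | sort -u); do
        if [ ! -x "$root$path" ]; then
            echo "$path"
            stale=1
        fi
    done
    return $stale
}

# Usage on the IDP server (path to the file is site-specific):
#   find_stale_init_refs /path/to/keystore_info.xml
```

Any path printed is a restart command that will fail the same way after the next certificate replacement.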