Embedded Services Provider running on the LAG does not start its SSL listeners

  • 7003793
  • 08-Jul-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1
Novell Access Manager 3.1 Interim Release 2
All Novell Access Manager components have been installed on XEN virtual machines

Situation

  • The Novell Embedded Service Provider (NESP) does not start all of the required SSL listeners.
  • The error message returned in this situation is:
    "CCS_UnwrapKey() failed with an error [-1403], while unwrapping the key with machine key. unwrap_with_machine_key() failed with an error [-1403], while unprotecting data.(kLen:165-0) decrypt:File (/opt/novell/conf/keys/newCStuff/alternate-prod_czebox_cz.altbuf) does not exist."
  • After restarting the LAG, all services will eventually come up.

Resolution

Create the touch file "/opt/novell/conf/keys/.useAlternate" on the LAG to address this issue.

Additional Information

On XEN virtual hosts, NICI runs into timing issues and cannot get the required passwords while trying to access certificates. With this touch file in place, another process is used to access the certificates, bypassing NICI.