Tomcat not restarting after removing and re-adding an Identity Server or Embedded Service Provider into a cluster

  • 7004696
  • 20-Oct-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 SSLVPN Server

Situation

Administrator setup a large Access Manager deployment with multiple Linux Access Gateway (LAG) and Identity (IDP) servers in a cluster. AFter applying one particular change to the IDP cluster configuration, one of the IDP servers in the cluster would not come up. As part of the troubleshooting process, the administrator removed the problem IDP server from the cluster configuration and tried to re-add it. Re-adding the server appeared to go fine and the administrator was prompted to 'update' the newly added server. However, clicking the update link did not appear to do anything - the device was stuck with this 'update' status continuously enabled.

Resolution

The following workaround can be used to get the system going again:

1. Stopped the server(s) and removed cluster configuration
2. Reassigned server(s) back to the IDP Cluster configuration.

Since the case here is a little special, the tomcat does NOT restart in spite of an "Ok" click for a pop-up requesting a tomcat restart and the health will indicate a "Halted" red health icon with an "Update All" status. Here, clicking on "Update All" will not perform an update.

ONE MUST, select the server(s) and click on "Start" after which, the server(s) will reach a status of "Current" with a Green Health icon. Additionally, if any Certificate(s) were added to the Keystore AND/OR Truststore prior to this issue then, one must reassign them again.

We will no longer see the error "Certificate: The current logged in user has insufficient rights to perform the selected task..." on IDP keystore/truststore UI access.

3. Restart Tomcat.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.