Access manager console reports Linux Access Gateway status "Server is not reporting"

  • 7007168
  • 08-Nov-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1
Novell Access Manager 3.1 Linux Access Gateway

Situation

  • Linux Access Gateway (LAG) health status is "Server is not reporting"
  • All Linux Access Gateway services (jcc, tomcat5, vmc) are up and running.
  • The JCC service (Device Manager) running on the LAG logs the following error message("/opt/novell/devman/jcc/logs/jcc-0.log.0"):

"Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate"

  • The Access Manager Console server (AC) reports logs the error:
    ("/opt/volera/roma/logs/app_sc.0.log")

(D)2010-09-28T21:31:15Z(L)application.sc.config(T)13(C)com.volera.vcdn.application.sc.config.AGConfigWork(M)F(E)Error in sending the configuration settings to the device.<!-- y:2363 Error in sending request to Device.<!-- y:76 javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found --> -->
    at com.volera.vcdn.application.sc.config.ConfigWork.K(y:2363)

Resolution

Correct the NTP, time problems on the LAG device and run a re-import.

Additional Information

The LAG system time was set to the future (Year 2030). This situation would invalidate all used JCC certificates on the LAG. To address this an automatic process will run to update the the JCC certificates used for the  Mutual SSL authentication protecting the JCC communication channel (usually 15 days before the certificates will expire). The Access Manager Console  (AC) was set to the correct (current) time and therefore could not validate the certificate provided for SSL Mutual Authentication by the JCC service running on the LAG (due to x509v3 valid from Certificate attribute)

Feedback service temporarily unavailable. For content questions or problems, please contact Support.