Linux Access Gateway services fail to come up after changing the primary Access Gateway in cluster

  • 7007250
  • 24-Nov-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Access Administration

Situation

Access Manager 3.1.1 IR3 was installed and running fine. Multiple Identity (IDP) and Linux Access Gateway (LAG) servers exist in separate clusters. After changing the primary LAG server in the LAG cluster configuration, the LAG health check reported that many of the proxy listeners on all the LAGs were no longer active.

The command status showed that multiple certificate operations had been performed. The certificates were removed from all the LAGs and only a subset were re-added, which was confirmed by looking at the certificates in the Proxy certificate keystore. This caused all of the LAG proxy services not to start up their listeners.

Resolution

Manually re-added all the certificates and trusted roots that were not added by the change primary server code. Selected the certificates from the Security -> Certificates tab in iManager and made sure all proxy-enabled certificates existed in the Proxy Key Store.

Additional Information

Tried to duplicate the issue on a number of other newer platforms and could not duplicate it.