Linux Access Gateway services fail to come up after changing the primary Access Gateway in cluster

  • 7007250
  • 24-Nov-2010
  • 26-Apr-2012


Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Access Administration


Access Manager 3.1.1 IR3 installed and running fine. Multiple Identity (IDP) and Linux Access Gateway (LAG) servers exist in seperate clusters. After changing the primary LAG server in the LAG cluster configuration, the LAG healthcheck reported that many of the proxy listeners on all the LAGs were not active anymore.

Looking at the command status, one could see that multiple certificate operations were performed. The certificates were removed from all the LAGs and only a subset were re-added - confirmed by looking at the certificates in the Proxy certificate keystore. This caused all of LAG proxy services not to start up their listeners.


Manually re-added all the certificates and trusted roots that were not added by the change 
primary server code. Selected the certificates from the Security -> Certificates tab in iManager
and made sure all proxy enabled certicates existed in the Proxy Key Store.

Additional Information

Tried to duplicate issue on a number of other newer platforms and could not dup this.