Unable to install Access Manager 3.1.3 Admin Console - Error: PKI_E_BAD_REQUEST_SYNTAX

  • 7008016
  • 01-Mar-2011
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Access Administration
Brand New Installation of Access Manager - not an upgrade of existing version
Novell Access Manager 3.1 Support PAck 3
SLES11 x86-64 bits server
VMware ESX 4 virtual machine

Situation

Trying to install Access Manager 3.1 SP3 Admin Console on SLES11 x86-64 host. After answering initial questions, the install processes appeared to be going fine. At the end of the install, an error message appeared indicating the installation was unsuccessful and referenced the install log files at /tmp/novell_access_manager/ and specifically the iManager logs.

Looking at the logs, one could see the following error prior to aborting the install

Configuring Novell iManager:
host: parse of /etc/resolv.conf failed
com.novell.nids.certmgr.DirCertException: Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214
 at com.novell.nids.certmgr.DirCerts.B(Unknown Source)
 at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
 at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
 at com.novell.nids.install.MakeCertInKeystore.createCert(MakeCertInKeystore.java:234)
 at com.novell.nids.install.MakeCertInKeystore.main(MakeCertInKeystore.java:360)
We are not in DHost. pid = -143341312
Error creating key tomcat. Exiting makecert.
Error creating Tomcat connector certificate

Resolution

Comment out the following line with 'domain' from the /etc/resolv.conf file on the SLES11 host

search fal.imb sjf.com
#domain fal.imb sjf.com
nameserver 100.150.1.37
nameserver 100.150.1.39 


Additional Information

When debugging install related issue, look closely at all log files under /tmp/novell_access_manager/ directory, as well as enabling bash debugging. Bash debugging can be enabled by simply running 'bash -x install.sh' rather than just install.sh. When run, every instruction with the script file is logged to standard output and install errors can be more visible. In the above case, the install script output prior to the abort showed the following:

+ /tmp/NAM/novell-access-manager-3.1.3-247/utils/makecert --iman 10.150.2.3
+ '[' 1 -ne 0 ']'
+ tee -a /tmp/novell_access_manager/inst_iman_2011-02-24_12:43:51.log
++ gettext 'Error creating Tomcat connector certificate'
+ echo 'Error creating Tomcat connector certificate'
Error creating Tomcat connector certificate
+ exit 1

This confirmed that there was an iManager issue and when looking at the iManager logs, the resolv.conf issue became a little clearer (see 'host: parse of /etc/resolv.conf failed' string below)

Configuring Novell iManager:
host: parse of /etc/resolv.conf failed
com.novell.nids.certmgr.DirCertException: Error: PKI_E_BAD_REQUEST_SYNTAX, Error: -1214
 at com.novell.nids.certmgr.DirCerts.B(Unknown Source)
 at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
 at com.novell.nids.certmgr.DirCerts.createCert(Unknown Source)
 at com.novell.nids.install.MakeCertInKeystore.createCert(MakeCertInKeystore.java:234)
 at com.novell.nids.install.MakeCertInKeystore.main(MakeCertInKeystore.java:360)
We are not in DHost. pid = -143341312
Error creating key tomcat. Exiting makecert.
Error creating Tomcat connector certificate