First user access on a protected resource returns 500 Internal Server Error after applying a policy change

  • 7009096
  • 02-Aug-2011
  • 26-Apr-2012

Environment

Novell Access Manager 3.1
Novell Access Manager 3.1 Service Pack 3
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Linux Access Gateway Service Pack 3

Situation

  • Accessing a protected resource after a policy change has been applied returns the error:
Status: 500 Internal Server Error
Description: Access Gateway couldn't find the needed policy from service provider.
Service Provider offline. Ir might be just coming up. If refreshing the browser after a few seconds doesn't clear this error condition, please contact your Administrator
If this condition persists, please contact the helpdesk

  • All subsequent users accessing the same protected resource can work without any problems

  • The Health Status reports:
XX Policy configure requests get an error response, and , 0 Policy Status awaiting reply
  • Running a "Policy Refresh" instead of a policy change does not cause any problems
  • The LAG is connected to a Cisco switch with Auto Negotiation

Resolution

Configuring the switch connecting the LAG for "Portfast" solves the problem.

Additional Information

A policy re-configuration causes the Linux Access Gateway to re-initialize the Network Interfaces in use by running an "ifdown / ifup". Minor changes, such as changing the description of an existing policy, run a "policy refresh", which does not trigger any NIC re-initialization.

The Cisco switch used to connect the LAG caused a 40-second delay. A LAN trace showed that it took about 40 seconds until the LAG received a response to an ARP request sent to retrieve the MAC address of the configured default gateway and cluster members.

The policy initialization process failed because of the long delay caused by the Cisco switch not being configured for Portfast.
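
The ARP delay described above can be measured from a text capture. The following is an added example, not part of the original document or the product: it assumes lines in the format printed by `tcpdump -tt -n arp`, and the sample trace, the documentation-range addresses and the 5-second threshold are constructed for illustration.

```python
import re

# Constructed sample in the text format of `tcpdump -tt -n arp`
# (not the trace from the original case; addresses are documentation ranges).
SAMPLE_TRACE = """\
1312272000.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.20, length 28
1312272001.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.20, length 28
1312272002.000000 ARP, Request who-has 192.0.2.21 tell 192.0.2.20, length 28
1312272040.250000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 46
1312272040.500000 ARP, Reply 192.0.2.21 is-at 00:00:5e:00:53:02, length 46
"""

REQUEST = re.compile(r"^(\d+\.\d+) ARP, Request who-has (\S+) tell (\S+),")
REPLY = re.compile(r"^(\d+\.\d+) ARP, Reply (\S+) is-at (\S+),")


def arp_resolution_delays(trace_text, local_ip):
    """Map each IP that local_ip asked for to the seconds between its
    first request and the first reply; None if no reply was captured."""
    first_request = {}
    delays = {}
    for line in trace_text.splitlines():
        m = REQUEST.match(line)
        if m and m.group(3) == local_ip:
            # Retransmitted requests keep the timestamp of the first one.
            first_request.setdefault(m.group(2), float(m.group(1)))
            delays.setdefault(m.group(2), None)
            continue
        m = REPLY.match(line)
        if m and m.group(2) in first_request and delays[m.group(2)] is None:
            delta = float(m.group(1)) - first_request[m.group(2)]
            delays[m.group(2)] = round(delta, 3)
    return delays


def slow_targets(delays, threshold_s=5.0):
    """Targets whose resolution took longer than threshold_s (assumed
    value) or never completed within the capture."""
    return sorted(ip for ip, d in delays.items() if d is None or d > threshold_s)


if __name__ == "__main__":
    result = arp_resolution_delays(SAMPLE_TRACE, "192.0.2.20")
    for ip, d in result.items():
        print(ip, "no reply" if d is None else f"{d:.3f}s")
```

Running the same function over captures taken before and after enabling Portfast on the switch port shows whether the gateway and cluster-member lookups now complete quickly after the interface comes back up.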