Environment
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Support Pack 3 applied
Novell Access Manager 3.1 Support Pack 3 applied
Situation
Access Manager 3.1.3 applied and working fine. After updating some certificates on the Linux Access Gateway (LAG), any change applied to that LAG would result in the server going to the 'Not reporting' status. Trying to troubleshoot the problem, the administrator determined that when asimple change is made to the LAG proxy configuration (IP address, DNS, Proxy timeouts for example) and applied to the LAG itself, all works fine. When a change involving a cert is performed and that change is applied to the LAG, the server will always crash. The ics_dyn log file would report the following error:
Aug 9 18:17:32 LAGS03 : AM#404514000: AMDEVICEID#ag-E2E99840672F971A-0:
AMAUTHID#0: AMEVENTID#0: actualListener:92 servSock:0xac5b7938 192.168.112.51:443 (vm:0 server:0xac5b8984)
ERROR: Unknown error 4294967295
Error(s) occurred while applying to the Excelerator.
Exporting the newly added certificates and importing into another environment confirmed that the certificates were working fine ie. we did not see issue in a QA environment.
Aug 9 18:17:32 LAGS03 : AM#404514000: AMDEVICEID#ag-E2E99840672F971A-0:
AMAUTHID#0: AMEVENTID#0: actualListener:92 servSock:0xac5b7938 192.168.112.51:443 (vm:0 server:0xac5b8984)
ERROR: Unknown error 4294967295
Error(s) occurred while applying to the Excelerator.
Exporting the newly added certificates and importing into another environment confirmed that the certificates were working fine ie. we did not see issue in a QA environment.
Resolution
To fix the issue, the following steps were required:
a) apply the Access Manager 3.1.3 IR2 patch (build 3.1.3-292 or greater)
b) copy the /var/novell/cfgdb/vcdn/config.xml file on the LAG to /var/novell/cfgdb/.current/config.xml , and then,
c) /etc/init.d/novell-vmc restart
After doing this, any certificate change applied to the LAGs would get applied without a crash.