Firefox not able to connect to SSL VPN after upgrading to 3.2 IR1

  • 7010759
  • 10-Sep-2012
  • 10-Sep-2012

Environment

NetIQ Access Manager 3.2
SSLVPN services enabled
Occurs regardless of whether SSLVPN is running standalone or on the Access Gateway
Problem visible with Mozilla Firefox versions 3.6 to 15.0.1 and Chrome, but not with Internet Explorer 9
Problem occurs on both Windows and Linux OSs running SSLVPN client
All browser versions work with 3.2 but fail with 3.2 IR1.

Situation

SSLVPN was configured on Access Manager 3.2 and running fine: users could access the SSLVPN login URL, were redirected to the Identity (IDP) Server to authenticate, and once authenticated would see the SSLVPN tunnel come up without issues. After the upgrade to 3.2 Interim Release 1 (IR1) was applied, users reported that the connection to the SSLVPN server failed with browsers that used applet mode rather than ActiveX. Users got different messages depending on the OS platform the client was running on. For example:

a) Firefox on Linux would report the following messages:

*** nss-shared-helper: Shared database disabled (set NSS_USE_SHARED_DB to enable).
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.3) (suse-0.11.2-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
JAR https://vpn.owens.edu/sslvpn/Applet/novl-sslvpn-client.jar not found. Continuing.
JAR https://vpn.owens.edu/sslvpn/Applet/novl-sslvpn-client.jar not found. Continuing.
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet.

b) Firefox on Windows 7 would report the following error on the browser:

error: AM.1020B:Unable to fetch Username from the server.

c) Firefox on Windows XP would simply show a blank screen after credentials were submitted for login at the IDP server.

Resolution

Open the following file on the SSLVPN server: /opt/novell/nam/sslvpn/webapps/sslvpn/META-INF/context.xml
Make sure it includes the following attribute values:

<?xml version="1.0" encoding="UTF-8"?>
<Context useHttpOnly="false">
  <!-- Disable session persistence across Tomcat restarts -->
  <Manager pathname="" saveOnRestart="false" />
</Context>

Restart the sslvpn service using "/etc/init.d/novell-sslvpn restart" and reconnect to make sure
all SSLVPN clients work fine. This issue will be fixed as part of 3.2 SP1.
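
To confirm the file matches before restarting the service, the check below parses context.xml and reports every attribute that differs from the values listed above. It is an added example, not NetIQ code; the function name and both sample documents are constructed for illustration.

```python
import sys
from pathlib import Path
import xml.etree.ElementTree as ET

# Attribute values the Resolution section asks for, per element.
EXPECTED = {
    "Context": {"useHttpOnly": "false"},
    "Manager": {"pathname": "", "saveOnRestart": "false"},
}

# Constructed samples: the article's file, and a variant that differs.
SAMPLE_OK = b"""<?xml version="1.0" encoding="UTF-8"?>
<Context useHttpOnly="false">
  <!-- Disable session persistence across Tomcat restarts -->
  <Manager pathname="" saveOnRestart="false" />
</Context>
"""
SAMPLE_DIFF = b"""<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Manager pathname="" saveOnRestart="true" />
</Context>
"""

def check_context_xml(data):
    """Return a list of findings; an empty list means the file matches."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "Context":
        return [f"root element is <{root.tag}>, expected <Context>"]
    findings = []
    elements = {"Context": root, "Manager": root.find("Manager")}
    for tag, attrs in EXPECTED.items():
        elem = elements[tag]
        if elem is None:
            findings.append(f"<{tag}> element is missing")
            continue
        for name, wanted in attrs.items():
            actual = elem.get(name)
            if actual != wanted:
                shown = "absent" if actual is None else f'"{actual}"'
                findings.append(f'<{tag}> {name} is {shown}, expected "{wanted}"')
    return findings

if __name__ == "__main__":
    # Check the files named on the command line, or else the constructed samples.
    blobs = [Path(p).read_bytes() for p in sys.argv[1:]] or [SAMPLE_OK, SAMPLE_DIFF]
    for data in blobs:
        print(check_context_xml(data) or "matches the article")
```

In Tomcat, useHttpOnly decides whether session cookies carry the HttpOnly flag, so with the value above the session cookie of this web application is readable by client-side script.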