Access Manager Console fails on updating the configuration for all devices

  • 7010763
  • 11-Sep-2012
  • 11-Sep-2012

Environment

NetIQ Access Manager 3.2
Novell Access Manager 3.1

Situation

  • The Access Manager Console reports all devices in the "Update" status.
  • Applying the pending update results in the command status "Failed".
  • The Device Health status for all devices is reported as "Green".
  • The JCC log files on the Access Manager devices (NIDP, AGS, ...) do not show any request to process a pushed configuration change.
  • Accessing the Auditing menu from within iManager returns a 500 Internal Server Error.

Resolution

  • Restore the missing information by copying the required XML data from another (LAB) Access Manager system, using iManager (Tasks and Roles -> Directory Administration -> Modify Object) or an LDAP browser tool.
  • Make sure that you can now review the Audit configuration and that the correct IP address of the naudit server entry has been configured.

Cause

The Auditing configuration information, which is usually stored in the "OrganisationalUnitXMLDoc" attribute at "AppliancesContainer.Partition.PartitionsContainer.VCDN_Root.accessManagerContainer.novell", is not available.

Because of eDirectory (Access Manager Configstore) time synchronization problems between the primary and secondary Access Manager Console servers, this information could not be written back while a configuration change was running. It was therefore cleaned out, which causes the premature end of file error.

Additional Information

  • The Access Manager Console log file "app_sc.0.log" reports the error:
94427(D)2012-07-31T14:03:36Z(L)application.sc.command(T)45(C)com.volera.vcdn.application.sc.command.work.IDPCommandWork(M)K(Msg)Response from the device ,deviceName::idp-FCD8DE01833A0251 command ::reconfigure errCode:0 result::Reconfigure successful
94428(D)2012-07-31T14:03:36Z(L)application.sc.core(T)45(C)com.volera.vcdn.application.sc.core.AuditManager(M)A(E)org.jdom.input.JDOMParseException: Error on line -1: Premature end of file.
  • Earlier versions of the app_sc log file show the following on the Primary:
<amLogEntry> 2012-07-26T17:57:35Z SEVERE DeviceManager: AM#100905083: The time is not synchronized between the different Device Manager datastore servers. Use ndsrepair to re-synchronize the times before making any changes or configuration corruption may occur. </amLogEntry>
15974(D)2012-07-26T15:57:36Z(L)application.sc.health(T)35(C)com.volera.vcdn.application.sc.health.HealthCheck(M)execute(E)The time is not synchronized between the different Device Manager datastore servers. Use ndsrepair to re-synchronize the times before making any changes or configuration corruption may occur. <!-- y:865 javax.naming.NamingException: [LDAP: error code 80 - NDS error: time not synchronized (-659)]; remaining name '' -->

The audit configuration should look like:

<romaAppliancesContainer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://vcdnschema/xmlschemas/romaAppliancesContainer.xsd"
    romaXMLDocumentVersion="1.0.0">
  <events healthChanges="0" serverImports="0" serverDeletes="0"
      configChanges="1" />
  <secureLoggingServers secureLoggingServersA="10.0.0.100"
      secureLoggingServersB="" secureLoggingServersC="" />
  <secureLoggingPort port="289" />
  <secureLoggingActions stoponfailure="0" />
</romaAppliancesContainer>
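
The check from the Resolution section can be run offline against an exported "OrganisationalUnitXMLDoc" value. The following is an added example, not part of the original article or of Access Manager. The function name check_audit_doc, the list of required elements (taken from the sample above) and the rule that secureLoggingServersA must be a literal IP address are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the expected audit configuration shown in this article.
GOOD_DOC = """<romaAppliancesContainer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://vcdnschema/xmlschemas/romaAppliancesContainer.xsd"
 romaXMLDocumentVersion="1.0.0">
<events healthChanges="0" serverImports="0" serverDeletes="0" configChanges="1" />
<secureLoggingServers secureLoggingServersA="10.0.0.100"
 secureLoggingServersB="" secureLoggingServersC="" />
<secureLoggingPort port="289" />
<secureLoggingActions stoponfailure="0" />
</romaAppliancesContainer>"""

# Assumption: these four child elements are required, as in the sample above.
REQUIRED = ("events", "secureLoggingServers", "secureLoggingPort", "secureLoggingActions")


def check_audit_doc(value):
    """Return the problems found in an OrganisationalUnitXMLDoc value ([] means OK)."""
    if value is None or not value.strip():
        # State described under Cause: the attribute was cleaned out, so the
        # console's XML parser reaches end of input before any element.
        return ["attribute is missing or empty"]
    try:
        root = ET.fromstring(value)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "romaAppliancesContainer":
        return [f"unexpected root element: {root.tag}"]
    problems = [f"missing <{name}> element" for name in REQUIRED if root.find(name) is None]
    servers = root.find("secureLoggingServers")
    if servers is not None:
        primary = servers.get("secureLoggingServersA", "")
        try:
            ipaddress.ip_address(primary)  # assumption: literal IP, not a host name
        except ValueError:
            problems.append(f"secureLoggingServersA is not an IP address: {primary!r}")
    port = root.find("secureLoggingPort")
    if port is not None:
        raw = port.get("port", "")
        if not (raw.isdecimal() and 1 <= int(raw) <= 65535):
            problems.append(f"secureLoggingPort is not a valid port: {raw!r}")
    return problems


if __name__ == "__main__":
    for label, doc in (("good", GOOD_DOC), ("emptied", ""), ("truncated", GOOD_DOC[:200])):
        print(label, check_audit_doc(doc) or "OK")
```

An empty result for the restored attribute means the document parses and the naudit server entry is populated. It does not confirm that the address is the right one for the environment.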