Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Interim Release 1 applied
NetIQ Access Manager 3.2 Linux Access Gateway APpliance running
NetIQ Access Manager 3.2 Interim Release 1 applied
NetIQ Access Manager 3.2 Linux Access Gateway APpliance running
Situation
Access Gateway Appliance setup to accelerate a Novell Vibe server. All communication with the server via the proxy works fine for users accessing Vibe resources via the browser. When these same users access the Vibe webdav folders through Windows 'My network
places' or 'Map Network drive' features, access to the files fail from Windows 7 clients.
Resolution
Need to make the following configuration changes to the Access Gateway Appliance (AGA) setup:
a) Set the following 'Advanced Option' on the AGA
b) On the client machine perform the following steps:
(i). Add the Vibe and Access Manager URLs to the browser’s trusted site and add the trusted root certificates from the Vibe and AGA server certificate to the browsers Trusted Root Certification Authorities.
a) Set the following 'Advanced Option' on the AGA
NAGGlobalOptions AllowMSWebDavMiniRedir to onb) On the client machine perform the following steps:
(i). Add the Vibe and Access Manager URLs to the browser’s trusted site and add the trusted root certificates from the Vibe and AGA server certificate to the browsers Trusted Root Certification Authorities.
(ii). Restart the client and access Vibe Webdav URLs either by using
Add a network location option or Map network drive option.Additional Information
The relevant key points when setting up Vibe within an Access Manager environment are
- The Vibe server must be set up with either (a) digest auth (HTTP or HTTPS), or (b) basic auth over HTTPS with a server certificate meeting the following three specific requirements: Requirement 1 (=CR1) The server certificate is "trusted" by the Windows 7 computer. For this, the server certificate must be signed by a trusted CA accepted by Windows 7 such as VeriSign, Thawte, and Equifax, etc. If self-signed certificate, it must be explicitly imported into the Trusted Root Certification Authorities store on Windows 7 computer. Detailed instructions will be given in the solutions section to show how to do this using IE 8. Requirement 2 (=CR2) The certificate must match your site URL. In other word, the certificate must have been issued to a name that precisely matches the domain name of the URL you're using it for. Requirement 3 (=CR3) The certificate must not have been expired. That is, it should have valid date range. If not all of the above conditions are met, we do know that it will not work. Please double check to ensure that your test followed this guideline.