NetIQ Access Manager Access Gateway Services configuration changes do not get processed

  • 7011326
  • 08-Nov-2012
  • 18-Oct-2017

Environment

  • Novell Access Manager Access Gateway Service on Linux (SLES / RedHat)
  • Novell Access Manager 3.2
  • Novell Access Manager 4.x

Situation

  • Configuration changes pushed by the Access Manager console do not get processed at the Access Gateway Service

  • The "/var/log/novell-apache2/rcnovell-apache2.out" does not store any errors

  • The device manager (devman) / JCC log files do not store any errors

  • Access Gateways are up and running

  • One of several errors reported in catalina.out, which led to the root cause of this problem, was:
    log4j:ERROR setFile(null,true) call failed.
    java.io.FileNotFoundException: /var/opt/novell/amlogging/logs/ags_error.log (Permission denied)
    at java.io.FileOutputStream.openAppend(Native Method)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:177)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:102)
    at org.apache.log4j.FileAppender.setFile(FileAppender.java:290)

  • The "/var/opt/novell/amlogging/logs/ags_error.log" stopped logging new entries several months ago

  • The Access Gateway Service reports:
    AGM - Configuration Pending configuration file found 1351000160592-config.xml (Required Action) Check AGM log files for potential processing problems

Resolution

  • assign the correct file ownership (novlwww:novlwww)

  • make sure that mounted disks still have enough free space left

  • do not use the mount option "nosuid" in "/etc/fstab" for any partitions used by NAM
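
The three resolution items can be checked read-only before any ownership or mount change is made. The script below is an added example, not part of the original article or of NetIQ tooling; the directory list is built from paths mentioned in this article, and the 90% threshold and the "--audit" switch are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit for the three resolution items.
# NAM_PATHS are parents of paths named in this article; adjust as needed.
NAM_PATHS="/opt/novell/nam /var/opt/novell /var/log/novell-apache2"

# 1. Files whose numeric uid or gid maps to no account (the symptom after
#    novlwww was re-created with a new id). Lists them with numeric owners.
orphaned_files() {
    find "$@" -xdev \( -nouser -o -nogroup \) -exec ls -ldn {} + 2>/dev/null
}

# 2. Filesystems at or above a usage threshold. $1 = percent, rest = paths.
low_space() {
    limit=$1; shift
    for p in "$@"; do
        df -P "$p" 2>/dev/null | awk -v t="$limit" -v p="$p" '
            NR == 2 { sub(/%/, "", $5)
                      if ($5 + 0 >= t) print p " is on " $6 " at " $5 "%" }'
    done
}

# 3. Paths whose containing mount point (longest match in the fstab file
#    given as $1) carries the "nosuid" option.
nosuid_paths() {
    fstab=$1; shift
    for p in "$@"; do
        awk -v path="$p" '
            $1 ~ /^#/ || NF < 4 { next }
            $2 == "/" || path == $2 || index(path, $2 "/") == 1 {
                if (length($2) > best) { best = length($2); mp = $2; opts = $4 }
            }
            END {
                n = split(opts, o, ",")
                for (i = 1; i <= n; i++)
                    if (o[i] == "nosuid") print path " is on nosuid mount " mp
            }' "$fstab"
    done
}

# Run all three checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    getent passwd novlwww || echo "novlwww user missing"
    orphaned_files $NAM_PATHS
    low_space 90 $NAM_PATHS          # 90% is an assumed threshold
    nosuid_paths /etc/fstab $NAM_PATHS
fi
```

Files listed by the first check show only numeric owners; those are the ones whose ownership needs to be returned to novlwww:novlwww.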

Cause

Most of the processes, such as ActiveMQ (used to apply configuration changes) and the Gateway Manager, run as novlwww:novlwww. On the Access Gateway devices that were failing to apply the configuration change, the novlwww user and group had been re-created with a new userid:groupid without changing the file ownership. Reviewing the file system on those devices showed that many (not all) of the Access Manager files had been assigned to an unknown user (listed only as a numeric userid:groupid).

Additional Information

  • The pushed configuration files will be stored at:
    "/opt/novell/nam/mag/webapps/agm/WEB-INF/config/pending/xxxx-config.xml"

  • If the Access Gateway cannot process the pending configuration file it will use the configuration files from a previous working configuration in order to avoid any downtime.

  • The "/var/log/novell-apache2/rcnovell-apache2.out" can be used to review problems applying a configuration change
    Note: with NAM 3.1.4 this file will be overwritten when you run a "/etc/init.d/novell-apache2 restart"