Cannot download Identity Server log files from Admin Console on WIndows platform

  • 7011593
  • 09-Jan-2013
  • 09-Jan-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Support Pack 1 applied
NetIQ Access Manager 3.2 Admin Console installed on Windows 2008
NetIQ Access Manager 3.2 Identity Server installed on Windows 2008

Situation

The Admin Console iManager interface allows an administrator download all relevant NAM log files for troubleshooting and monitoring purposes. By selecting the Auditing -> General Logging options under iManager, all log files for each component is available for download, along with it's local filename on the specific server. Downloading any file from the Admin Console or Access Gateways worked fine, but downloading any of the files from the Identity Server would fail e.g. downloading the stdout.log, stderr.log or jcc.log file would fail with the following message displayed on the browser:

"Error creating a zip file of the logs"

A similar setup in a QA environment did not show up the same issue.

The jcc log files show the following message:

"WARNING: File not found or access denied to: \Program Files(x86)\Novell\Tomcat\logs\stdout.log"

but the app_sc log files on the Admin Console showed the following:

(Msg)could not download/copy the file \Program Files(x86)\Novell\Tomcat\logs\stdout.log

In the working setup, we see that we reference the progra~2 directory and not Program Files(x86), which is the same thing ie. one can CD into either and get to the same final directory

371333(D)2013-01-03T15:02:06Z(L)webui.sc.servlet(T)74(C)com.volera.vcdn.webui.sc.handler.commands.JCCCommandGroup$DownloadLog(M)execute(Msg)Received
request to view log file: C:\PROGRA~2\Novell\Tomcat\logs\stdout.log on devman

Resolution

Use an ldapbrowser to manually change the setting for the DeviceBasePath in the romaIDPDeviceSAXMLDoc attribute of the IDP server object using the steps below. Make sure that a backup of the configuration is taken with ambkup beforehand.

a) use an LDAP browser to  connect to the Admin Console ldap server
b) browse to the following object - cn=idp-xxxxx,ou=AppliancesContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell where xxxx is the device ID of the Identity Server you are having problems downloading the files from. This deviceID is available from the Auditing -> General Logging screen
c) locate the romaIDPDeviceSAXMLDoc attribute for this object and 
d) modify the 'DeviceBasePath="C:\Program Files(x86)\Novell\Tomcat\webapps\nidp\' and replace it with 'DeviceBasePath="C:\PROGRA~2\Novell\Tomcat\webapps\nidp\'. The entry should look like the following:

romaIDPDeviceSAXMLDoc: <romaIDPDevice ConfigUserName="config.ics.ics_tree" ManagementAddress="199.112.151.50" ManagementPort="1443" ConfigPassword="454f96b9" DeviceDescription="Identity Server Instance" DeviceLocation="" ActualType="idp" DisplayName="199.112.151.50" DeviceVersion="3.2.1.57" DeviceType="idp" exApplianceType="idp" romaLastModified="1355302900689" romaLastModifiedBy="cn=admin,o=novell" UpdateStatusCurSWID="PSW-98916f4cda82c90aa7c70a041a13bcab2c3bbaa7fc0" DeviceBasePath="C:\PROGRA~2\\Novell\Tomcat\webapps\nidp\" DeviceOS="Windows" UpdateStatus="0" />ACL: 16#subtree#ou=Alert,ou=T-100-270-18_AMCS,ou=ROMAServerContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell#[Entry Rights]romaEXHealthStatus: Yellow

e) login to iManager again and retry download operation