Adding 3.2.2 MAG to 3.1.4-57 cluster failing with "interval out of range"

  • 7013271
  • 12-Sep-2013
  • 18-Sep-2013

Environment

NetIQ Access Manager 3.2
Upgrading from NetIQ Access Manager 3.1.4
Admin Console, Identity Server upgraded flawlessly

Situation

Customer upgraded/migrated their AdminConsole, and Identity Servers components from 3.1.4 to 3.2.2 without issues. All protected resources going through the old 3.1 Linux Access Gateways (LAG) continued to work without issues.

In order to upgrade the old LAGs to the new 3.2 Access Gateways, the Admin successfully installed MAG appliance to the point that it imported into the AdminConsole. They are running into a problem while trying to add the MAG to their existing 3.1.4-57 Cluster. The Admin Console never shows the new 3.2 AG fully entering the AG cluster, and all AG commands are shown as pending for hours.

The Admin is seeing the following error in the "rcnovell-apache2.out.pending"

Syntax error on line 113 of /etc/opt/novell/apache2/conf/NovellAgSettings.conf:
Interval out of range

The novell-apache2 script has thrown error message :
Reloading Novell Gateway Service...
see /var/log/novell-apache2/rcnovell-apache2.out for details ..
unused

Resolution

Fixed in 3.2.2 IR1.

Cause

The issue was that for all of their authprocedures in their config.xml had a value of 0 for AuthContractRefreshRate.

grep -ir 'AuthContractRefreshRate="0"' stage.xml
        <AuthenticationProcedure
AuthProcedureID="authprocedure_Name_Password___8hours" Name="Name/Password -
8hours" SelectedOption="idp"
UserInterfaceID="authprocedure_Name_Password___8hours"
LastModified="4294967295" LastModifiedBy="String" AuthContractTimeout="480"
AuthContractRefreshRate="0">
        <AuthenticationProcedure
AuthProcedureID="authprocedure_Name_Password_4hours"
Name="Name/Password-4hours" SelectedOption="idp"
UserInterfaceID="authprocedure_Name_Password_4hours" LastModified="4294967295"
LastModifiedBy="String" AuthContractTimeout="240" AuthContractRefreshRate="0">
...
This is an illegal value and not within the expected range of values.