Environment
NetIQ Access Manager 3.2
Upgrading from NetIQ Access Manager 3.1.4
Admin Console, Identity Server upgraded flawlessly
Upgrading from NetIQ Access Manager 3.1.4
Admin Console, Identity Server upgraded flawlessly
Situation
Customer upgraded/migrated their AdminConsole, and Identity Servers components from 3.1.4 to 3.2.2 without issues. All protected resources going through the old 3.1 Linux Access Gateways (LAG) continued to work without issues.
In order to upgrade the old LAGs to the new 3.2 Access Gateways, the Admin successfully installed MAG appliance to the point that it imported into the AdminConsole. They are running into a problem while trying to add the MAG to their existing 3.1.4-57 Cluster. The Admin Console never shows the new 3.2 AG fully entering the AG cluster, and all AG commands are shown as pending for hours.
The Admin is seeing the following error in the "rcnovell-apache2.out.pending"
Syntax error on line 113 of /etc/opt/novell/apache2/conf/NovellAgSettings.conf:
Interval out of range
The novell-apache2 script has thrown error message :
Reloading Novell Gateway Service...
see /var/log/novell-apache2/rcnovell-apache2.out for details ..
unused
In order to upgrade the old LAGs to the new 3.2 Access Gateways, the Admin successfully installed MAG appliance to the point that it imported into the AdminConsole. They are running into a problem while trying to add the MAG to their existing 3.1.4-57 Cluster. The Admin Console never shows the new 3.2 AG fully entering the AG cluster, and all AG commands are shown as pending for hours.
The Admin is seeing the following error in the "rcnovell-apache2.out.pending"
Syntax error on line 113 of /etc/opt/novell/apache2/conf/NovellAgSettings.conf:
Interval out of range
The novell-apache2 script has thrown error message :
Reloading Novell Gateway Service...
see /var/log/novell-apache2/rcnovell-apache2.out for details ..
unused
Resolution
Fixed in 3.2.2 IR1.
Cause
The issue was that for all of their
authprocedures in their config.xml had a value of 0 for
AuthContractRefreshRate.
grep -ir 'AuthContractRefreshRate="0"' stage.xml
grep -ir 'AuthContractRefreshRate="0"' stage.xml
<AuthenticationProcedure AuthProcedureID="authprocedure_Name_Password___8hours" Name="Name/Password - 8hours" SelectedOption="idp" UserInterfaceID="authprocedure_Name_Password___8hours" LastModified="4294967295" LastModifiedBy="String" AuthContractTimeout="480" AuthContractRefreshRate="0"> <AuthenticationProcedure AuthProcedureID="authprocedure_Name_Password_4hours" Name="Name/Password-4hours" SelectedOption="idp" UserInterfaceID="authprocedure_Name_Password_4hours" LastModified="4294967295" LastModifiedBy="String" AuthContractTimeout="240" AuthContractRefreshRate="0"> ...This is an illegal value and not within the expected range of values.