Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access Gateway
NetIQ Access Manager 3.2 Admin Console on Windows or Linux
NetIQ Access Manager 3.2 Appliance
Situation
Access Manager setup and working well. Users can access protected resources behind the Access Gateway (AG) after having succesfully authenticated at the Identity (IDP) Server. An Administrator then went into the AG configuration, made a change to a TCP timeout for one of the web servers and after applying the update, the AG command status never went from "pending' to 'success'. The AG configuration showed a 'reconfigure' request but no errors were displayed.
Looking at the app_sc log file on the Admin Console, we could see that the update request was sent to the AG, but when the response came back from the AG, the following audit referenced exception was thrown in the file:
66526(D)2014-02-07T09:43:08Z(L)application.sc.core(T)23(C)com.volera.vcdn.application.sc.core.AuditManager(M)A(E)org.jdom.input.JDOMParseException:
Error on line -1: Premature end of file.
at org.jdom.input.SAXBuilder.build(SAXBuilder.java:468)
at com.volera.vcdn.platform.util.XmlUtil.create(y:1686)
at com.volera.vcdn.application.sc.core.AuditManager.A(y:1079)
at
com.volera.vcdn.application.sc.core.AuditManager.<init>(y:3283)
at
com.volera.vcdn.application.sc.core.AuditManager.getInstance(y:971)
at
com.volera.vcdn.application.sc.core.DeviceManager.setHealthCheck(y:448)
at
com.volera.vcdn.application.sc.health.HealthEventListener.eventOccurred(y:3070)
Resolution
Execute the following steps:
a) run an LDAP browser against this eDir user store on appliance
b) browse to
ou=AppliancesContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
c) locate the string "attribute name="OrganizationalUnitXMLDoc""
d) replace the currently blank value to the following (but change the IP
address to match yours)
<romaAppliancesContainer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://vcdnschema/xmlschemas/romaAppliancesContainer.xsd"
romaXMLDocumentVersion="1.0.0">
<events healthChanges="0" serverImports="0" serverDeletes="0"
configChanges="0" />
<secureLoggingServers secureLoggingServersA="147.2.35.59"
secureLoggingServersB="" secureLoggingServersC="" />
<secureLoggingPort port="1289" />
</romaAppliancesContainer>
e) save and try and apply and update again.
Cause
Some corruption of the configuration store occured that reset the "OrganizationalUnitXMLDoc" attribute for that container, causing the required audit server configuration information to be removed. By manually re-adding the audit configuration with the correct IP address, the status moved from pending to success.