Environment
NetIQ Access Manager 4.0
NetIQ Access Manager 4.0 Support Pack 1 applied
NetIQ Access Gateway Appliance and Service
NetIQ Access Manager 4.0 Support Pack 1 applied
NetIQ Access Gateway Appliance and Service
Situation
Access Manager setup and working well where users could access protected resources behind Access Gateway (AG) after having successfully authenticated to the Identity (IDP) server. One of the Web server applications is downed for maintenance purposes and some test users correctly get 504 HTTP status errors accessing these resources via the AG. The problem is that the healthcheck status on the Admin Console for the web server is GREEN, when the application itself is down.
Looking at the JCC Log file on the AG, we can clearly see that the status is reported as passed, when an error exists ...
Looking at the JCC Log file on the AG, we can clearly see that the status is reported as passed, when an error exists ...
<exServiceHealth exHealthStatus="Passed" exServiceName="Reverse
Proxy - balancer://bal_firsttimeuseridchange"><exDescription
exHealthStatus="Passed">
Worker can currently connect to Webserver: 172.17.19.78:35780 Status:
INITIALIZED; IN_ERROR;
Time of last error: "16:38:52 Monday 24 November 2014"
Retries: 1
Load balance factor: 1
Number of times elected: 2
Number of bytes written: 0
Number of bytes read: 0
</exDescription>
</exDescription>
</exServiceHealth>
Time of last error: "16:38:52 Monday 24 November 2014"
Retries: 1
Load balance factor: 1
Number of times elected: 2
Number of bytes written: 0
Number of bytes read: 0
</exDescription>
</exDescription>
</exServiceHealth>
Resolution
Apply NAM 4.0 SP1 HF2 or greater.
A bug existed where the AG health check performed against webservers shows a green status when webserver is not listening on standard TCP port (80/443).
A bug existed where the AG health check performed against webservers shows a green status when webserver is not listening on standard TCP port (80/443).