Environment
NetIQ Access Manager 4.1
Situation
The Admin Console (AC) is on the internal network, and an IDP or MAG (appliance or service) is being installed in the DMZ. The installation fails with the error:
Unable to contact the Admin Console at the given IP Address XXX.XXX.XXX.XXX
This is caused by the DMZ firewall blocking port 8443 between the AC and the component being installed. During installation, the install_utility_function.sh script performs a check against https://${ADMIN_CONSOLE_IP}:8443/roma/rest/ac/acinfo.
Resolution
Open port 8443/2443 between AC and new components in the DMZ.
Alternatively, use the following workaround:
The HTTP calls made during the cluster creation step of the install can be disabled by commenting out the following lines in the .sh files under extracted_folder/scripts in the extracted installation files.
ma_install.sh 76: checkCompatibility "${MAIN_INSTALL_LOG}"
ag_install.sh 108: checkCompatibility "${MAIN_INSTALL_LOG}"
install.sh 167: checkCompatibility "${MAIN_INSTALL_LOG}"
install.sh 188: checkCompatibility "${MAIN_INSTALL_LOG}"
ac_install.sh 704: checkCompatibility "${MAIN_INSTALL_LOG}"
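An added example (not NetIQ's code) that applies this workaround by matching the call text instead of relying on line numbers, and keeps a `.orig` copy of each edited script for rollback. It assumes the call appears on its own line exactly as quoted above; the function name `disable_compat_check` is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the NetIQ installer.
# Assumption: each call sits on its own line exactly as quoted in this article.
# Usage: disable_compat_check /path/to/extracted_folder/scripts

# Scripts the article lists as containing the call.
NAM_SCRIPTS="ma_install.sh ag_install.sh install.sh ac_install.sh"

# disable_compat_check DIR
# Comments out every active 'checkCompatibility "${MAIN_INSTALL_LOG}"' call in
# the listed scripts under DIR and prints the number of lines changed.
# The function definition in install_utility_function.sh is never touched.
disable_compat_check() {
    dir=$1
    total=0
    for name in $NAM_SCRIPTS; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        # Count calls that are not already commented out (grep exits 1 on zero).
        n=$(grep -c '^[[:space:]]*checkCompatibility "\${MAIN_INSTALL_LOG}"' "$f" || true)
        [ "$n" -gt 0 ] || continue
        # Keep the vendor original so the change can be reviewed and reverted.
        cp -p "$f" "$f.orig"
        # Rewrite in place from the backup; indentation is preserved.
        sed 's/^\([[:space:]]*\)\(checkCompatibility "\${MAIN_INSTALL_LOG}"\)/\1# \2/' \
            "$f.orig" > "$f"
        total=$((total + n))
    done
    echo "$total"
}
```

Running `diff ma_install.sh.orig ma_install.sh` (and likewise for the other scripts) afterwards shows exactly which lines were changed before the installer is started.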
Cause
It is understood that opening a well-known port to accommodate this check can be time consuming because of change control requests, and can raise security concerns. This has been reported to engineering and is set to be corrected in the next major release, 4.2.