Environment
NetIQ Access Manager 4.1
NetIQ Access Manager 4.1 SUpport Pack 1 applied
NetIQ Access Manager 4.1 SUpport Pack 1 applied
Situation
Access Manager 4.1.1 running fine and 4.1.1 HF1 was applied. The installation appeared to go through without any issues and
there are no errors reported in any of the install logs or console. The AC healthcheck also shows all device as green.
However, when users try to access a protected resource and are redirected to the ESP, a 500 internal error message is reported on the browser, instead of the IDP login page one would expect.
The error_logs showed the following key snippet at restart time, indicating a connection problem between the AG and tomcat.
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:9009 (127.0.0.1) failed
The connection was refused, even though the listening port was there.
We restarted the rcnovell-apache2 without success.
However, when users try to access a protected resource and are redirected to the ESP, a 500 internal error message is reported on the browser, instead of the IDP login page one would expect.
The error_logs showed the following key snippet at restart time, indicating a connection problem between the AG and tomcat.
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:9009 (127.0.0.1) failed
Sep 28
11:17:49 cdcsx150 httpd[14570]: [error] ap_proxy_connect_backend disabling
worker for (127.0.0.1)
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] proxy: AJP: failed to make connection to backend: 127.0.0.1
Sep 28 11:17:49 cdcsx150 httpd[14585]: [error] proxy: AJP: disabled connection for (127.0.0.1)
:
: // many of the following errors
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#8: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
Sep 28 11:17:49 cdcsx150 httpd[14577]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#9: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
Sep 28 11:17:49 cdcsx150 httpd[14580]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#10: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] proxy: AJP: failed to make connection to backend: 127.0.0.1
Sep 28 11:17:49 cdcsx150 httpd[14585]: [error] proxy: AJP: disabled connection for (127.0.0.1)
:
: // many of the following errors
Sep 28 11:17:49 cdcsx150 httpd[14570]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#8: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
Sep 28 11:17:49 cdcsx150 httpd[14577]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#9: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
Sep 28 11:17:49 cdcsx150 httpd[14580]: [error] (-1)Unknown error 18446744073709551615: AMEVENTID#10: mkusr:fail:03000300000000000000000000000000d370ff2f, referer: https://cx150.mich.hglab.com/irj/portal/xport?fwkDebug=true
The connection was refused, even though the listening port was there.
We restarted the rcnovell-apache2 without success.
Resolution
Restart rcnovell-appliance (restarts the ESP, AG and AG services). The issue was tied to the agscd service and a restart of that service would probably have sufficed. For some reason, the service failed to inistialise first time, and once restar was performed, all worked fine.