Environment
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
NetIQ Access Manager 4.2
Situation
When following steps 1-5 in the documentation for changing the Identity Servers IP address, the Management IP Address change is not retained but rolls back to the original IP address.
Documentation referred to for changing Identity Server IP is found here
Documentation referred to for changing Identity Server IP is found here
Resolution
Steps to work around the issue:
1. Select the IDP you are wanting to change the IP address of by placing a check in the box next to it.
2. Select Stop
3. Check the box next to the IDP once again, select Actions > Remove from Cluster
4. Once removed, check the box next to the IDP once again and select Actions > Delete
5. Once IDP is deleted from the administration console, proceed with the steps in the documentation to change the IP address as follows:
1. On the Identity Server, stop the server communication service by using the following command:
Linux: /etc/init.d/novell-jcc stop OR rcnovell-jcc stop
Windows: net stop jccserver
2. Change the IP address by using an operating system utility:
Linux: Click YaST > Network Devices > Network Card, select a method, select the card, then click Edit.
Windows: Click Control Panel > Network Connections > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties.
3. Change to the jcc directory:
Linux: /opt/novell/devman/jcc
Windows Server 2012: \Program Files (x86)\Novell\devman\jcc
9. Run the configure command:
Linux: conf/Configure.sh
Windows: conf\configure.cmd
The command must be run from the jcc directory because it needs access to files that are available from this directory.
10. When you are prompted for the local listener IP address, enter the new IP.
11. When you are prompted for the administration server IP, enter the IP address of the Administration Console.
12. Follow the prompts and accept the defaults for ports and admin user.
13. Replace all references to the old IP address in the server.xml file with the new IP address:
a. Change to the Tomcat configuration directory:
Linux: /opt/novell/nam/idp/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf
b. In a text editor, open the server.xml file.
c. Search for the old IP address and replace it with the new IP address.
d. Save your changes.
14. Start the server communication service by using the following command:
Linux: /etc/init.d/novell-jcc start OR rcnovell-jcc start
Windows: net start jccserver
15. Restart Tomcat:
Linux: Enter the following command:
/etc/init.d/novell-idp restart OR rcnovell-idp restart
Windows: Enter the following commands:
net stop Tomcat7
net start Tomcat7
16. Follow the steps below to re-import the Identity Server back into the Administration Console with the new IP address:
1. On the Identity Server machine, change to the jcc directory:
Linux: /opt/novell/devman/jcc
Windows: \Program Files\Novell\devman\jcc
Run the reimport script for jcc:
Linux: ./conf/reimport_nidp.sh jcc
Windows: conf\reimport_nidp.bat jcc
Run the reimport script for the Administration Console:
Linux: ./conf/reimport_nidp.sh nidp
Windows: conf\reimport_nidp.bat nidp <admin>
2. Replace <admin> with the name of your administrator for the Administration Console.
3. If these steps do not work, refer to troubleshooting documentation for installation and device import here
4. If you are still experiencing issues with re-importing the Identity Server, contact technical support for further assistance.
Once the Identity Server is re-imported to the Administration Console, add it back to the cluster. It should now show and be using the new IP address.
1. Select the IDP you are wanting to change the IP address of by placing a check in the box next to it.
2. Select Stop
3. Check the box next to the IDP once again, select Actions > Remove from Cluster
4. Once removed, check the box next to the IDP once again and select Actions > Delete
5. Once IDP is deleted from the administration console, proceed with the steps in the documentation to change the IP address as follows:
1. On the Identity Server, stop the server communication service by using the following command:
Linux: /etc/init.d/novell-jcc stop OR rcnovell-jcc stop
Windows: net stop jccserver
2. Change the IP address by using an operating system utility:
Linux: Click YaST > Network Devices > Network Card, select a method, select the card, then click Edit.
Windows: Click Control Panel > Network Connections > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties.
3. Change to the jcc directory:
Linux: /opt/novell/devman/jcc
Windows Server 2012: \Program Files (x86)\Novell\devman\jcc
9. Run the configure command:
Linux: conf/Configure.sh
Windows: conf\configure.cmd
The command must be run from the jcc directory because it needs access to files that are available from this directory.
10. When you are prompted for the local listener IP address, enter the new IP.
11. When you are prompted for the administration server IP, enter the IP address of the Administration Console.
12. Follow the prompts and accept the defaults for ports and admin user.
13. Replace all references to the old IP address in the server.xml file with the new IP address:
a. Change to the Tomcat configuration directory:
Linux: /opt/novell/nam/idp/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf
b. In a text editor, open the server.xml file.
c. Search for the old IP address and replace it with the new IP address.
d. Save your changes.
14. Start the server communication service by using the following command:
Linux: /etc/init.d/novell-jcc start OR rcnovell-jcc start
Windows: net start jccserver
15. Restart Tomcat:
Linux: Enter the following command:
/etc/init.d/novell-idp restart OR rcnovell-idp restart
Windows: Enter the following commands:
net stop Tomcat7
net start Tomcat7
16. Follow the steps below to re-import the Identity Server back into the Administration Console with the new IP address:
1. On the Identity Server machine, change to the jcc directory:
Linux: /opt/novell/devman/jcc
Windows: \Program Files\Novell\devman\jcc
Run the reimport script for jcc:
Linux: ./conf/reimport_nidp.sh jcc
Windows: conf\reimport_nidp.bat jcc
Run the reimport script for the Administration Console:
Linux: ./conf/reimport_nidp.sh nidp
Windows: conf\reimport_nidp.bat nidp <admin>
2. Replace <admin> with the name of your administrator for the Administration Console.
3. If these steps do not work, refer to troubleshooting documentation for installation and device import here
4. If you are still experiencing issues with re-importing the Identity Server, contact technical support for further assistance.
Once the Identity Server is re-imported to the Administration Console, add it back to the cluster. It should now show and be using the new IP address.
Cause
This has been reported to engineering.