Environment
NetIQ Access Manager 4.2.1 Linux Admin Console
NetIQ Access Manager 4.2.1 Linux Access Gateway Service
NetIQ Access Manager 4.2.1 Linux Identity Server
Situation
1. Access Gateway cluster with 2 nodes. Removing one of the nodes from the cluster and then trying to apply all these changes resulted in a pop-up error message, "XML Validation Error", on Admin Console.
2. Upon checking /opt/novell/devman/share/logs/app_sc.0.log, we can see:
There is no ID/IDREF binding for IDREF 'keyinfo_all_ag_com'
XML Validation Error
3. Trying to click on AGCluster -> Edit -> Revert and then "Update" doesn't help to resolve the issue.
Resolution
1. Check /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current/config.xml on the Access Gateway (AG) and search for keyinfo_all_ag_com. There will be entries as below:
<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
<KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
<KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
<KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
<KeyInfo KeyID="keyinfo_alltomcat" Name="alltomcat" Type="rsa" UserInterfaceID="keyinfo_alltomcat" />
<KeyInfo KeyID="keyinfo____ag_com" Name="___ag_com" Type="rsa" UserInterfaceID="keyinfo____ag_com" />
<KeyInfo KeyID="keyinfo_mytomcat_ag_com" Name="mytomcat_ag_com" Type="rsa" UserInterfaceID="keyinfo_mytomcat_ag_com" />
<KeyInfo KeyID="keyinfo_all_ag_com" Name="all_ag_com" Type="rsa" UserInterfaceID="keyinfo_all_ag_com" />
</KeyList>
2. Connect to Admin Console's configuration store using an LDAP browser and browse to the AG.
novell -> accessManagerContainer -> VCDN_ROOT -> PartitionsContainer -> Partition -> AppliancesContainer -> ag-xxxxxxxxxx
Note: To get the value of "xxxxxxxxxx" -> Go to Admin Console -> Dashboard -> Troubleshooting -> Version -> You can see it under "Version" column of the respective AG
Ex: 4.2.1.0-29-DB0C6E32DCBAEE1A. Hence xxxxxxxxxx = DB0C6E32DCBAEE1A
3. Checking romaAGConfigurationXMLDoc under CurrentConfig and WorkingConfig shows that the KeyList has missing entries (compared to the KeyList in step 1, the one below has fewer entries):
<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
<KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
<KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
<KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
</KeyList>
5. Update the romaAGConfigurationXMLDoc on both CurrentConfig and WorkingConfig with the missing entries (as compared to /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current/config.xml).
Note: Take a backup of the Access Manager configuration before updating (Linux: /opt/novell/devman/bin/ambkup.sh, Windows: \Program Files (x86)\Novell\bin\ambkup.bat).
6. Running "Update" on AGCluster from Admin Console now goes through without any errors.
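The comparison in steps 1, 3 and 5 can be scripted instead of done by eye. The following is an added example, not NetIQ tooling: it assumes the gateway's config.xml and the romaAGConfigurationXMLDoc value have been copied out as text, that the elements carry no XML namespace, and the function names are hypothetical; the two sample documents are the KeyList fragments shown on this page.

```python
import xml.etree.ElementTree as ET

# KeyList from config.xml on the Access Gateway (step 1 on this page).
GATEWAY_XML = """<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
<KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
<KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
<KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
<KeyInfo KeyID="keyinfo_alltomcat" Name="alltomcat" Type="rsa" UserInterfaceID="keyinfo_alltomcat" />
<KeyInfo KeyID="keyinfo____ag_com" Name="___ag_com" Type="rsa" UserInterfaceID="keyinfo____ag_com" />
<KeyInfo KeyID="keyinfo_mytomcat_ag_com" Name="mytomcat_ag_com" Type="rsa" UserInterfaceID="keyinfo_mytomcat_ag_com" />
<KeyInfo KeyID="keyinfo_all_ag_com" Name="all_ag_com" Type="rsa" UserInterfaceID="keyinfo_all_ag_com" />
</KeyList>"""

# KeyList from romaAGConfigurationXMLDoc in the configuration store (step 3).
STORE_XML = """<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
<KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
<KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
<KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
</KeyList>"""


def key_infos(xml_text):
    """Map KeyID -> KeyInfo element for every KeyList found in the document."""
    found = {}
    # iter() also matches the root, so a bare KeyList or a full config both work.
    for key_list in ET.fromstring(xml_text).iter("KeyList"):
        for info in key_list.findall("KeyInfo"):
            if info.get("KeyID"):
                found[info.get("KeyID")] = info
    return found


def missing_key_infos(gateway_xml, store_xml):
    """KeyInfo entries the gateway has but the store copy lacks, in gateway order."""
    store = key_infos(store_xml)
    return {
        key_id: ET.tostring(element, encoding="unicode").strip()
        for key_id, element in key_infos(gateway_xml).items()
        if key_id not in store
    }


if __name__ == "__main__":
    # Print the elements that would have to be added in step 5.
    for xml_line in missing_key_infos(GATEWAY_XML, STORE_XML).values():
        print(xml_line)
```

Run it against both CurrentConfig and WorkingConfig; the KeyID named in the app_sc.0.log error should appear in the output.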