XML Validation Error on Access Gateway - no ID/IDREF binding for IDREF 'keyinfo_all_ag_com'

  • 7018361
  • 06-Dec-2016
  • 12-Dec-2016

Environment

NetIQ Access Manager 4.2.1 Linux Admin Console
NetIQ Access Manager 4.2.1 Linux Access Gateway Service
NetIQ Access Manager 4.2.1 Linux Identity Server

Situation

Access Gateway cluster with 2 nodes.

1. Created additional proxy services on a reverse proxy and updated the server certificate to a wildcard certificate to support the multiple proxy services.
Removing one of the nodes from the cluster and then trying to apply all these changes resulted in a pop-up error message, "XML Validation Error", in the Admin Console.

2. Upon checking /opt/novell/devman/share/logs/app_sc.0.log, we can see:
There is no ID/IDREF binding for IDREF 'keyinfo_all_ag_com'
XML Validation Error

3. Trying to click on AGCluster -> Edit -> Revert and then "Update" doesn't help to resolve the issue.

Resolution

1. Check /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current/config.xml on the Access Gateway (AG) and search for keyinfo_all_ag_com. There will be entries like the following:
<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
    <KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
    <KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
    <KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
    <KeyInfo KeyID="keyinfo_alltomcat" Name="alltomcat" Type="rsa" UserInterfaceID="keyinfo_alltomcat" />
    <KeyInfo KeyID="keyinfo____ag_com" Name="___ag_com" Type="rsa" UserInterfaceID="keyinfo____ag_com" />
    <KeyInfo KeyID="keyinfo_mytomcat_ag_com" Name="mytomcat_ag_com" Type="rsa" UserInterfaceID="keyinfo_mytomcat_ag_com" />
    <KeyInfo KeyID="keyinfo_all_ag_com" Name="all_ag_com" Type="rsa" UserInterfaceID="keyinfo_all_ag_com" />
</KeyList>


2. Connect to the Admin Console's configuration store using an LDAP browser and browse to the AG:
    novell -> accessManagerContainer -> VCDN_ROOT -> PartitionsContainer -> Partition -> AppliancesContainer -> ag-xxxxxxxxxx
    Note: To get the value of "xxxxxxxxxx", go to Admin Console -> Dashboard -> Troubleshooting -> Version. The value appears in the "Version" column of the respective AG.
    Ex: 4.2.1.0-29-DB0C6E32DCBAEE1A. Hence xxxxxxxxxx is DB0C6E32DCBAEE1A.

3. Checking romaAGConfigurationXMLDoc under CurrentConfig and WorkingConfig shows that the KeyList is missing entries (compared to the KeyList in step 1, the one below has fewer entries):
<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
    <KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
    <KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
    <KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
</KeyList>


5. Update the romaAGConfigurationXMLDoc on both CurrentConfig and WorkingConfig with the missing entries (as compared to /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current/config.xml).
Note: Take a backup of the Access Manager configuration before updating
( Linux: /opt/novell/devman/bin/ambkup.sh,
  Windows: \Program Files (x86)\Novell\bin\ambkup.bat)

6. Running "Update" on AGCluster from Admin Console now goes through without any errors.
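
The comparison in steps 1, 3 and 5 can be scripted. The following is an added example, not part of the original article or of Access Manager: it lists the KeyInfo entries present in the gateway's config.xml but absent from the configuration store copy. The sample inputs are constructed from the KeyList fragments shown above, the function names are hypothetical, and it assumes KeyInfo elements carry no namespace prefix, as in the fragments on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: KeyList from config.xml on the AG (step 1).
DISK_CONFIG = """<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
  <KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
  <KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
  <KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
  <KeyInfo KeyID="keyinfo_alltomcat" Name="alltomcat" Type="rsa" UserInterfaceID="keyinfo_alltomcat" />
  <KeyInfo KeyID="keyinfo____ag_com" Name="___ag_com" Type="rsa" UserInterfaceID="keyinfo____ag_com" />
  <KeyInfo KeyID="keyinfo_mytomcat_ag_com" Name="mytomcat_ag_com" Type="rsa" UserInterfaceID="keyinfo_mytomcat_ag_com" />
  <KeyInfo KeyID="keyinfo_all_ag_com" Name="all_ag_com" Type="rsa" UserInterfaceID="keyinfo_all_ag_com" />
</KeyList>"""

# Constructed sample: KeyList from romaAGConfigurationXMLDoc (step 3).
STORE_CONFIG = """<KeyList LastModified="1468308899390" LastModifiedBy="cn=admin,o=novell">
  <KeyInfo KeyID="keyinfo_auto" Name="auto" Type="rsa" UserInterfaceID="keyinfo_auto" />
  <KeyInfo KeyID="keyinfo_any" Name="any" Type="trustedroot" UserInterfaceID="keyinfo_any" />
  <KeyInfo KeyID="keyinfo_keylist_any" Name="any_from_keylist" Type="trustedroot" UserInterfaceID="keyinfo_keylist_any" />
</KeyList>"""


def key_infos(xml_text):
    """Map KeyID -> KeyInfo element for every KeyInfo in the document."""
    root = ET.fromstring(xml_text)
    return {el.get("KeyID"): el for el in root.iter("KeyInfo")}


def is_bound(idref, xml_text):
    """True if some KeyInfo in the document defines the ID the IDREF points at."""
    return idref in key_infos(xml_text)


def missing_entries(disk_xml, store_xml):
    """(KeyID, serialized element) for each KeyInfo on disk but not in the store."""
    disk, store = key_infos(disk_xml), key_infos(store_xml)
    return [(kid, ET.tostring(el, encoding="unicode").strip())
            for kid, el in disk.items() if kid not in store]


if __name__ == "__main__":
    idref = "keyinfo_all_ag_com"  # ID named in the app_sc.0.log error
    print("bound on AG:", is_bound(idref, DISK_CONFIG))
    print("bound in config store:", is_bound(idref, STORE_CONFIG))
    for kid, element in missing_entries(DISK_CONFIG, STORE_CONFIG):
        print(element)  # entries to add back in step 5
```

To run it against real data, replace the two sample strings with the contents of config.xml and the romaAGConfigurationXMLDoc value exported from the configuration store.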