Admin Console eDirectory Server fails after a restart giving no access to iManager service

  • 7022463
  • 14-Dec-2017
  • 14-Dec-2017

Environment

Access Manager 4.3.1
Access Manager Appliance
Admin Console eDirectory fails to start

Situation

After successfully installing the Access Manager Appliance, users were able to access the test Portal application after authenticating at the Identity Server. Additional changes were made to add a few SAML 2.0 Service Providers to the existing environment, before the Administrator rebooted the server for maintenance.

After the reboot, the Access Gateway and Identity Server components failed to function and the Admin Console was not accessible: trying to access iManager on TCP port 8443 from a browser resulted in no connection.

Resolution

Remove the duplicated lines from the nds.conf file using the following steps:

- Make a backup of the /etc/opt/novell/eDirectory/conf/nds.conf file.
- Edit the nds.conf file and comment out the duplicate lines by prefacing each line with #.
- Restart eDirectory using: /etc/init.d/ndsd start
- Restart the appliance using: /etc/init.d/novell-appliance start
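
The duplicate check and clean-up from the steps above, as an added shell example that is not part of the original article or the vendor's tooling. It assumes nds.conf holds name=value lines, and it comments out only later lines that are exact repeats of an earlier line; a parameter that appears with different values is reported for manual review. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): locate and comment out duplicated
# parameters in nds.conf. Assumes "name=value" lines.
# Typical use, after sourcing this file:
#   list_duplicate_keys /etc/opt/novell/eDirectory/conf/nds.conf

# Print each parameter name that occurs more than once (comments ignored).
list_duplicate_keys() {
    awk -F= '/^[ \t]*#/ || !/=/ { next }
             { k = $1; gsub(/[ \t]/, "", k); if (++n[k] == 2) print k }' "$1"
}

# Print names that occur with differing values. These are not changed
# automatically: decide by hand which value is the correct one.
list_conflicting_keys() {
    awk '/^[ \t]*#/ || !/=/ { next }
         { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
           v = $0; sub(/^[^=]*=/, "", v)
           if (k in first) {
               if (v != first[k] && !(k in bad)) { bad[k] = 1; print k }
           } else first[k] = v }' "$1"
}

# Back up the file, then prefix every repeated identical line with "#".
# The first occurrence is kept. Prints the path of the backup copy.
comment_out_duplicates() {
    conf=$1
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1
    # Rewrite in place from the backup so ownership and mode are preserved.
    awk '/^[ \t]*#/ || !/=/ { print; next }
         seen[$0]++ { print "#" $0; next }
         { print }' "$backup" > "$conf"
    echo "$backup"
}
```

If list_conflicting_keys prints anything, resolve those parameters by hand before starting ndsd.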

Cause

Certain versions of eDirectory are known to write duplicate information to the nds.conf file (https://support.microfocus.com/kb/doc.php?id=7018156).

Additional Information

The following troubleshooting tips were used to narrow down and identify the source of the issue:

At the server console, netstat -nap | grep 'LISTEN' | grep 8443 showed that TCP port 8443 was listening. If you watch this during startup, the port will be open for a short time.

Several LDAP connection attempts will appear in the /opt/novell/nam/adminconsole/logs/catalina.out file:

SRetryDispatcher exception:  login (ldaps://172.17.2.100:636/o=novell/ou=accessManagerContainer/ou=VCDN_Root/ou=PartitionsContainer/ou=Partition/ou=ROMAServerContainer/ou=nq_am/ou=Alert, com.volera.vcdn.platform.storage.core.SPasswordCredentials@68a531f8) failed

javax.naming.CommunicationException: 127.0.0.1:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

This indicates that the Admin Console could not communicate with the eDirectory LDAP server.

At the server, the command /etc/init.d/ndsd status reports that eDirectory is not running. An attempt to start eDirectory manually with /etc/init.d/ndsd start fails with the following error (running /opt/novell/eDirectory/bin/ndscheck outputs a similar error):

Executing customized settings before starting the NetIQ eDirectory server...

Starting NetIQ eDirectory server...

Multiple values for n4u.server.configdir found in configuration file.

Failed to parse configuration file. ndsd will not start up.

NetIQ eDirectory server startup failed.

For more information view the following log file : /var/opt/novell/eDirectory/log/ndsd.log