After upgrade to iManager Server 3.0.4 on Windows, cannot establish connection to login screen

  • 7022661
  • 13-Feb-2018
  • 13-Feb-2018

Environment

Windows 2012 R2
iManager 3.0.4
eDirectory 9.0.4

Situation

  • Upgraded from iManager 3.0.0 to 3.0.4 on Windows 2012 R2.
  • Unable to connect to iManager Login page - "Server took too long to respond: ERR_TIMED_OUT"
  • %TOMCATHOME\conf\ssl directory is empty
  • %TOMCATHOME\log\stderr.log shows the following error:
java.io.FileNotFoundException: C:\Program Files\Novell\Tomcat\conf\ssl\.keystore (The system cannot find the file specified)

Resolution

  1. Follow steps 1 through 6 listed in the section "Replacing the iManager Self-Signed Certificates on Windows" found at the following link: https://www.netiq.com/documentation/imanager-3/imanager_install/data/b18ro0hi.html#b18ro0ib

  2. Some of the steps require access to the iManager certificate plugins. If you don't have a functioning iManager server available, download and install iManager Workstation version 3.0.4. This is a stand-alone client that can be removed once the iManager server is working properly.

  3. When you get to step 7 in the above documentation, use the following instructions instead:
    • Find the following lines in the %TOMCATHOME\conf\server.xml file:
      <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

      <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/ssl/.keystore" keystorePass="changeit" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS" />


    • Modify the 'keystoreFile' attribute to use the name of the .p12 certificate file you copied to the %TOMCATHOME\conf\ssl in step 5 of the documentation: e.g. keystoreFile="conf/ssl/mycert.p12".
    • Change the 'keystorePass' attribute to the password you assigned to the certificate.
    • Save and close the file.

  4. Start the Tomcat service. On Windows, the correct way to stop and start the Tomcat8 service is to use Services.exe: select the Tomcat8 service from the list, then select the Start, Stop, or Restart option in the left pane.

  5. From a web browser, connecting to iManager should now establish an https connection.
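
To confirm the server.xml edit before restarting Tomcat, the following PowerShell check reads server.xml, resolves each SSL connector's keystoreFile against the Tomcat directory, and tries to open it as PKCS#12 with the configured keystorePass. It is an added example, not part of the original article or the vendor documentation; the function name Test-ConnectorKeystore is hypothetical and the default path is an assumption taken from the stderr.log line above.

```powershell
# Added example (not from the original article).
function Test-ConnectorKeystore {
    param(
        # Assumption: Tomcat directory as it appears in the stderr.log error above.
        [string]$TomcatHome = 'C:\Program Files\Novell\Tomcat'
    )
    $serverXml = Join-Path $TomcatHome 'conf\server.xml'
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($serverXml)

    foreach ($c in $doc.SelectNodes('//Connector[@SSLEnabled="true"]')) {
        $ks   = $c.GetAttribute('keystoreFile')
        $pass = $c.GetAttribute('keystorePass')
        $result = [ordered]@{
            Port = $c.GetAttribute('port'); KeystoreFile = $ks
            Exists = $false; Opens = $false; Subject = $null; NotAfter = $null
            # True when the password is still the value shown in the stock connector.
            DefaultPassword = ($pass -eq 'changeit')
        }
        if ($ks) {
            # A relative keystoreFile is resolved against the Tomcat directory.
            $path = if ([IO.Path]::IsPathRooted($ks)) { $ks } else { Join-Path $TomcatHome $ks }
            $result.Exists = Test-Path -LiteralPath $path -PathType Leaf
        }
        if ($result.Exists) {
            try {
                # Throws if the file is not PKCS#12 or keystorePass is wrong.
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList $path, $pass
                $result.Opens    = $true
                $result.Subject  = $cert.Subject
                $result.NotAfter = $cert.NotAfter
            } catch {
                Write-Warning "Cannot open $path with keystorePass: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$result
    }
}

Test-ConnectorKeystore | Format-List
```

A row with Exists = False corresponds to the FileNotFoundException condition recorded in stderr.log. Opens = False on an existing file means the file is not a PKCS#12 keystore or keystorePass does not match it.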

Cause

It appears that in rare instances the installer does not create a temporary self-signed certificate during the upgrade. This situation would also arise if the keystore files have been accidentally deleted from the %TOMCATHOME\conf\ssl directory. When attempting to connect to the iManager login screen, the browser will attempt a TLS handshake. The connection hangs because the server, without a certificate, is unable to perform a handshake. The browser window will then display a "This site can't be reached" or "Server took too long to respond" error. These steps describe how to replace the temporary certificate, which is always recommended as soon as possible after installing a new iManager server.