Table of Contents
Advertisement
Troubleshooting the netHSM Configuration
To discover potential configuration errors:
1 Verify that you have not enabled the data encryption of resource IDs. There is a known issue
with this feature and the Apache libraries in a multi-provider environment. Because of this
issue, netHSM is not compatible with encrypting the resource IDs.
1a In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web
Service Provider.
1b Click a profile, then check the setting for the Have Discovery Encrypt This Service's
Resource Ids option.
1c If the option is selected, deselect it, then click OK.
1d Verify that all profiles have been configured so that they do not encrypt the resource IDs.
2 View the nfast log files:
Linux:
Windows:
When there is a port conflict,
nFast server: Notice: Using tcp socket local:9000
nFast server: Fatal error during startup: Operating system call failed:
bind tcp socket, Address already in use
For information on how to change the port, see
netHSM documentation.
3 (Linux only) If the
debug.log
page of the Identity Server displays the following error:
The following error occurred during the identity server configuration.
Unable to read keystore: /opt/novell/devman/jcc/certs/idp/AMstore45.jks
To correct the error:
3a View the rights for the nfast log files with the following command:
ll /opt/nfast/log
Your listing should look similar to the following:
-rw-r--r-- 1 novlwww nfast
-rw-r--r-- 1 novlwww nfast
-rw-r----- 1 root
-rw-r----- 1 nfast
-rw-r----- 1 nfast
If
continue with
If
the source of your problem. Continue with
3b Stop Tomcat with the following command:
/etc/init.d/novell-tomcat5 stop
3c Stop nfast with the following command:
/opt/nfast/sbin/init.d-nfast stop
64
Novell Access Manager 3.1 SP1 Identity Server Guide
/opt/nfast/log
C:\nfast\log
logfile
user does not have rights to the
novlwww
files, the Identity Server is halted because it cannot read the keystore. The Health
nfast
nfast
nfast 3057 Apr 11 11:50 logfile
is not listed as the owner of the
novlwww
Step
3b.
is listed as the owner of the files with rw permissions, log file ownership is not
novlwww
contains entries similar to the following:
Step 6 on page
53. For other errors, consult the
cmdadp.log
0 Apr 11 11:50 cmdadp-debug.log
134 Apr 11 11:50 cmdadp.log
43 Apr 11 11:49 debug
5 Apr 11 11:49 hardserver.pid
and
cmdadp.log
Step
4.
and
cmdadp-
files,
cmdadp-debug.log
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
Related Products for Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP2 - README 2010
- NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP2 Beta 1
- Novell Access Manager 3.1 SP 2
- NOVELL CLIENT LOGIN EXTENSION 3.7 - ADMINISTRATION
- NOVELL IDENTITY ASSURANCE SOLUTION 3.0.2 - ADMINISTRATION
- NOVELL IDENTITY MANAGER 3.6.1 - STAGING BEST PRACTICES GUIDE 2010
- NOVELL IDENTITY MANAGER 3.6.1 - NULL SERVICE AND LOOPBACK SERVICE DRIVERS
- NOVELL IDENTITY MANAGER 3.6.1 - JOBS GUIDE
- NOVELL IDENTITY MANAGER 3.6.1 - TASK SERVICE DRIVER
- NOVELL IFOLDER 3 - ADMINISTRATION
- NOVELL POLICIES IN IMANAGER 3.6.1 - 06-05-2009
- NOVELL POLICY IN DESIGNER 3.5 - 09-18-2009