- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
Discover the Novell forums at http://forums.novell.com
Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement
Catalina.start: LifecycleException: Exception opening directory server
connection: javax.naming.CommunicationException: simple bind failed:
localhost:389 [Root exception is javax.net.ssl.SSLException:
Unrecognized SSL message, plaintext connection?]
That means that Tomcat is trying to access LDAP, unencrypted. The
default configuration does not allow for that. The quick fix is to go
into ConsoleOne, find the LDAP Server/Group object and uncheck "Require
TLS for anonymous binds".
Normally Tomcat uses SSL to communicate though, so the question is:
What has changed?
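
An added example, not part of the original thread or any poster's code: a way to check what actually answers on an LDAP port, by sending a TLS ClientHello and classifying the first bytes of the reply as a TLS record or a plaintext LDAP message. The function names and the two sample replies are constructed for illustration; host and port are whatever server is being diagnosed.

```python
import socket
import ssl

# LDAP protocolOp tags (RFC 4511) a server is likely to send first.
LDAP_OPS = {0x61: "BindResponse", 0x65: "SearchResultDone", 0x78: "ExtendedResponse"}

def _ber_len(buf, i):
    """Decode a BER length starting at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_reply(data):
    """Say whether a server's first bytes are TLS or plaintext LDAP."""
    if not data:
        return "closed-without-reply"
    # TLS record header: content type 20-23, then protocol major version 3.
    if len(data) >= 3 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
        return "tls-record"
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }
    if data[0] == 0x30:
        try:
            _, i = _ber_len(data, 1)
            if data[i] == 0x02:
                id_len, j = _ber_len(data, i + 1)
                op = data[j + id_len]
                return "ldap-plaintext:" + LDAP_OPS.get(op, "op-0x%02x" % op)
        except IndexError:
            pass                          # truncated message
    return "unknown"

def client_hello():
    """Build a real ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="localhost")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                              # expected: no server reply yet
    return outgoing.read()

def probe(host, port, timeout=5.0):
    """Send a ClientHello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello())
        return classify_reply(s.recv(4096))

# Constructed sample replies (not captured from a real server).
SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_TLS_ALERT = bytes.fromhex("15030300020228")
```

A "tls-record" result from probe() means the listener speaks TLS on connect; an "ldap-plaintext" result or an immediate close means the port expects cleartext LDAP first.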
> You still have not told us whether this has ever worked and if so
> what did change. However:
>
> Catalina.start: LifecycleException: Exception opening directory
> server connection: javax.naming.CommunicationException: simple bind
> failed: localhost:389 [Root exception is
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
> connection?]
>
> That means that Tomcat is trying to access LDAP, unencrypted. The
> default configuration does not allow for that. The quick fix is to go
> into ConsoleOne, find the LDAP Server/Group object and uncheck
> "Require TLS for anonymous binds".
>
> Normally Tomcat uses SSL to communicate though, so the question is:
> What has changed?
He has NW65 SP7; with that comes iManager 2.7, and you'll need to load
tomcat5.
--
Cheers,
Edward
> And when did it last work?
The thread, just prior to this one, from the same poster, indicates a
failed DIB / dead server problem. It's likely that the iManager instance
isn't going to work on a server with a broken DIB.
--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com
Please post questions in the newsgroups. No support provided via email.
What about what David posted:
"The thread, just prior to this one, from the same poster, indicates a
failed DIB / dead server problem. It's likely that the iManager instance
isn't going to work on a server with a broken DIB."
Have you resolved those issues? Anyway, if you have to get iManager up
and running to fix something fast, then try downloading and installing
the standalone iManager that runs on a workstation.
As stated earlier, iManager 2.7 uses tomcat5, not tomcat4. Tomcat4 is still
required to manage things like Apache and FTP but that's about it... in most
cases you can stop tomcat4 from loading.
In addition, tomcat requires SSL and certificates... let's assume that you've
never set this up and your server has been in place for .2years. By default
certificates are only created with a validity of two years... if they have
expired then the apache administration instance will not load and neither
will tomcat.
So you have a few options:
1. Run pkidiag at the server console where iManager is running and check the
certificates... or just have a look at the certs using ConsoleOne and have a
look at the Public Key Certificate... if it's expired then recreate them in
C1 or get pkidiag to do it for you. I prefer C1 because then I can specify
the expiry period. Make sure that it's the cert\s that are attached to LDAP.
2. Refresh the LDAP config or reload nldap.
3. You will then need to update the keystore that apache and tomcat
use... to do this, at the server console type tckeygen... watch the logger
screen for errors. If there are any then you may need to post them back.
4. Try to load tomcat5... watch the logger screen for errors... when it's
loaded, open a browser and hopefully it's fixed.
"ahleia" <ahl...@no-mx.forums.novell.com> wrote in message
news:ahleia...@no-mx.forums.novell.com...
>
> We have unloaded/loaded NLDAP.NLM again, but still we are getting the
> same error message.
>
>
> --
> ahleia
> ------------------------------------------------------------------------
> ahleia's Profile: http://forums.novell.com/member.php?userid=4973
> View this thread: http://forums.novell.com/showthread.php?t=365757
>
FYI Ahleia... you can't create certs without a functional CA. So fixing that
first is a precursor to following any steps that I've posted. The CA doesn't
need to hold a replica but does need DS operational and communicating.
"Anders Gustafsson" <And...@no-mx.forums.novell.com> wrote in message
news:VA.00003bd...@no-mx.forums.novell.com...
You have a certificate problem. What version of NetWare and what service
packs? Can you post the exact output from PKIDIAG, as I get no hits when
searching for the message you posted?
- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms
>
> Hello.
>
> NOES2 my server (Netware) stopped showing the iManager screen.
> Gives the error message:
> The server is temporarily unable to service your request due to
> maintenance downtime or capacity problems. Please try again later.
> Error 503
> my server ip
> Friday, August 27, 2010 15:53:47
> Apache/2.0.59 (NETWARE) mod_jk/1.2.21
>
> Saw its guidelines for use of pkidiag. I tried using the pkidiag that
> says the certificate does not exist. But I also can not create: Step 6
> failed pkidiag 35 323
It looks like your CA has died. Can you go to the security container and
verify if you have a "<treename> CA" object? If so, go to properties
and check if it still has a host server. If not, blow it away and
recreate it and run pkidiag on your servers.
--
Cheers,
Edward