
Re: iManager - Error 503


Anders Gustafsson

Mar 22, 2009, 5:35:27 AM
Ahleia,
> When we try to access iManager through web browser from workstation, it
> shows an error message as below.
> Service unavailable!
> The server is temporarily unable to service your request due to
> maintenance downtime or capacity problems. Please try again later.
> If you think this is a server error, please contact the webmaster.
> Error 503
> 192.168.1.11
> Wednesday, March 18, 2009 08:54:50
> Apache/2.0.59 (NETWARE) mod_jk/1.2.21
>
And when did it last work? Is tomcat running? What does a java -show say?

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)

Discover the Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Anders Gustafsson

Mar 22, 2009, 9:16:15 AM
None of the standard tomcat instances run. Try TOMCAT4 and look at the
logger screen for messages

Anders Gustafsson

Mar 22, 2009, 11:01:47 AM
You still have not told us whether this has ever worked and if so what
did change. However:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?]

That means that Tomcat is trying to access LDAP, unencrypted. The
default configuration does not allow for that. The quick fix is to go
into ConsoleOne, find the LDAP Server/Group object and uncheck "Require
TLS for anonymous binds".

Normally Tomcat uses SSL to communicate though, so the question is:
What has changed?
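
Added example, not part of the thread and not Novell code: JSSE raises "Unrecognized SSL message, plaintext connection?" when a TLS client gets back bytes that are not a TLS record, so this probe reports whether a listener (for instance the LDAP port 389 from the log) completes a TLS handshake. The function names and the loopback listener are constructed for illustration.

```python
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0):
    """Return 'tls', 'not-tls' or 'unreachable' for host:port.

    Certificate validation is switched off on purpose: the probe only asks
    whether the listener speaks TLS at all, not whether its certificate is
    trusted or still valid.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"            # refused, filtered or timed out
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"                # handshake completed
    except OSError:
        # ssl.SSLError is an OSError: the peer sent non-TLS bytes, closed
        # the connection, or never answered the ClientHello.
        return "not-tls"
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed stand-in for a cleartext port: answers with non-TLS bytes."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)             # the client's TLS ClientHello
            conn.sendall(b"cleartext reply, not a TLS record\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_plaintext_listener()
    print("127.0.0.1:%d -> %s" % (port, probe_tls("127.0.0.1", port)))
```

Run against the server's LDAP ports from a workstation, a "not-tls" result on the port the client is configured to use with SSL points at the listener or its certificate rather than at the client.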

Edward van der Maas

Mar 22, 2009, 3:37:49 PM
Anders Gustafsson wrote:

> You still have not told us whether this has ever worked and if so
> what did change. However:
>
> Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?]
>
> That means that Tomcat is trying to access LDAP, unencrypted. The
> default configuration does not allow for that. The quick fix is to go
> into ConsoleOne, find the LDAP Server/Group object and uncheck
> "Require TLS for anonymous binds".
>
> Normally Tomcat uses SSL to communicate though, so the question is:
> What has changed?

he has nw65 sp7, with that comes imanager 2.7 and you'll need to load
tomcat5

--
Cheers,
Edward

Anders Gustafsson

Mar 22, 2009, 4:12:52 PM
Edward van der Maas,

> he has nw65 sp7, with that comes imanager 2.7 and you'll need to load
> tomcat5
>
Depends what he had to start with. IIRC, iMan is not automatically
upgraded from really old versions. Nevertheless, you are right. If it
is iMan 2.7, then it is tomcat5, but tomcat4 is still loaded and needed
for other stuff, so one might just as well start there ;)

Anders Gustafsson

Mar 23, 2009, 6:49:22 AM
David31,
> Similar to this I've seen installs where there is no certificate listed
> in the LDAP Server object. Adding SSL CertificateIP or SSL
> CertificateDNS then running tckeygen.ncf from the server console
> resolved the problems.
>
Yes. Thanks for pointing that out.

David Gersic

Mar 23, 2009, 1:30:51 PM
On Sun, 22 Mar 2009 09:35:27 +0000, Anders Gustafsson wrote:

> And when did it last work?

The thread, just prior to this one, from the same poster, indicates a
failed DIB / dead server problem. It's likely that the iManager instance
isn't going to work on a server with a broken DIB.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

Anders Gustafsson

Mar 23, 2009, 3:06:46 PM
David Gersic,

> It's likely that the iManager instance
> isn't going to work on a server with a broken DIB.
>
Ah.. That could explain things.

Anders Gustafsson

Mar 24, 2009, 6:16:06 AM
Ahleia,
> We have checked out the "Require TLS for simple binds with password"
> from LDAP Group Object, but still we are getting the same error message.
>
Did you unload/load NLDAP.NLM after you did that?

Anders Gustafsson

Mar 24, 2009, 11:56:40 AM
Ahleia,
> We have unloaded/loaded NLDAP.NLM again, but still we are getting the
> same error message.

What about what David posted:

"The thread, just prior to this one, from the same poster, indicates a
failed DIB / dead server problem. It's likely that the iManager instance
isn't going to work on a server with a broken DIB."

Have you resolved those issues? Anyway, if you have to get iManager up
and running to fix something fast, then try downloading and installing
the standalone iManager that runs on a workstation.

Steven Lim

Mar 24, 2009, 10:13:18 PM
Is tomcat5 there? is it loaded?

as stated earlier iManager 2.7 uses tomcat5 not tomcat4. Tomcat4 is still
required to manage things like Apache and FTP but that's about it..in most
cases you can stop tomcat4 from loading.

In addition, tomcat requires ssl and certificates...lets assume that you've
never set this up and your server has been in place for .2years. By default
certificates are only created with a validity of two years...if they have
expired then the apache administration instance will not load and neither
will tomcat.

so you have a few options:

1. run pkidiag at the server console where iManager is running and check the
certificates...or just have a look at the certs using consoleone and have a
look at the Public Key Certificate...if it's expired then recreate them in
C1 or get pkidiag to do it for you. I prefer C1 because then i can specify
the expiry period. Make sure that it's the cert\s that are attached to LDAP

2. refresh the ldap config or reload nldap

3. you will then need to update the keystore that apache and tomcat
use....to do this at the server console type tckeygen....watch the logger
screen for errors. If there are any then you may need to post them back.

4. try to load tomcat5....watch the logger screen for errors...when it's
loaded open a browser and hopefully it's fixed


"ahleia" <ahl...@no-mx.forums.novell.com> wrote in message
news:ahleia...@no-mx.forums.novell.com...
>
> We have unloaded/loaded NLDAP.NLM again, but still we are getting the
> same error message.
>
>
> --
> ahleia
> ------------------------------------------------------------------------
> ahleia's Profile: http://forums.novell.com/member.php?userid=4973
> View this thread: http://forums.novell.com/showthread.php?t=365757
>


Anders Gustafsson

Mar 25, 2009, 4:51:17 AM
Steven Lim,

> so you have a few options:
>
But the first is to make sure that DS is healthy and working.

Steven Lim

Mar 25, 2009, 7:14:46 PM
and yes given all of the information esp the fact that her other post is
about the fact that her CA is cactus she obviously has a problem there and
needs to fix that first before she can do anything that i've suggested ;)

FYI Ahleia..you can't create certs without a functional CA. So fixing that
first is a precursor to following any steps that i've posted. The CA doesn't
need to hold a replica but does need ds operational and communicating.

"Anders Gustafsson" <And...@no-mx.forums.novell.com> wrote in message
news:VA.00003bd...@no-mx.forums.novell.com...

Anders Gustafsson

Aug 27, 2010, 3:59:46 PM
Williamklein,
> Saw its guidelines for use of pkidiag. I tried using the pkdiag that
> says the certificate does not exist. But I also can not create: Step 6
> failed pkidiag 35 323

You have a certificate problem. What version of NetWare and what service
packs? Can you post the exact output from PKIDIAG, as I get no hits when
searching for the message you posted?

- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)


Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms

Edward van der Maas

Aug 30, 2010, 10:26:33 AM
williamklein wrote:

>
> Hello.
>
> NOES2 my server (Netware) stopped showing the iManager screen.
> Gives the error message:


> The server is temporarily unable to service your request due to
> maintenance downtime or capacity problems. Please try again later.

> Error 503
> my server ip
> Friday, August 27, 2010 15:53:47
> Apache/2.0.59 (NETWARE) mod_jk/1.2.21


>
> Saw its guidelines for use of pkidiag. I tried using the pkdiag that
> says the certificate does not exist. But I also can not create: Step 6
> failed pkidiag 35 323

It looks like your CA has died. Can you go to the security container and
verify if you have a "<treename> CA" object? If so, go to properties
and check if it still has a host server. If not, blow it away and
recreate it and run pkidiag on your servers.


--
Cheers,
Edward
