Unexpected Error, contact your system administrator

Dears,

I am receiving the below error in IGA:

Unexpected Error, contact your system administrator

Noting I am receiving it after the installation is complete; and when opening the system, I receive it (no data was input yet on the system).

Any help is appreciated to fix that.

Best regards,
Georgio

Parents
  • Dears,
    Below errors are found in the Tomcat log:
    [SEVERE] 2020-10-02 11:02:57 com.netiq.iac.server.rest.ConnectionService testConnection - [IG-SERVER] Test Connection error: DaaS connector returned error (487): Target authentication failure: Failed Authentication: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839 ]
    [SEVERE] 2020-10-02 11:05:11 com.netiq.iac.server.rest.RiskScoreService getRiskScoreConfiguration - [IG-SERVER] Encountered unexpected error: null
  • Greetings,
    You have two (2) different errors outlined which are you trying to resolve in this thread because it should be 1 per thread?

    #1
    [SEVERE] 2020-10-02 11:02:57 com.netiq.iac.server.rest.ConnectionService testConnection - [IG-SERVER] Test Connection error: DaaS connector returned error (487): Target authentication failure: Failed Authentication: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839 ]

    This is from a test connection (where some pressed the test connection button) in an area within ID Gov that will be connecting to an "LDAP Server" that is failing with the ID & Password that were provided. Are you trying to connection to:
    a) LDAP server (AD or eDirectory) in an Identity Collector
    b) LDAP server (AD or eDirectory) in an Account or Permission Collector
    c) LDAP server (AD or eDirectory) in LDAP Fulfillment?

    If none of the above, what are you trying to configure/connect to?


    #2
    [SEVERE] 2020-10-02 11:05:11 com.netiq.iac.server.rest.RiskScoreService getRiskScoreConfiguration - [IG-SERVER] Encountered unexpected error: null

    This relates to Risk configuration within ID Gov
    a) Have you started to configure Risk
    b) What is the exact version of ID Gov
    c) How did you did you install the databases, did you allow the installer to create everything or did you create sql files?

    If you set the package com.netiq.iac.server.rest.RiskScoreService to DEBUG or TRACE in the ig-server-logging.xml and
    -Stop tomcat
    -Delete the localhost folder in the tomcat/work/Catalina directory
    -Delete or move out all of the logs in the tomcat/logs directory
    -Start Tomcat
    -Login and configure again we should get more information about the issue.

     

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • Dear Steve,

    Thank you for your reply.

    For issue 1; please note the issue is received before configuring anything (identity/account/permissions collector); it is appearing at the login with bootstrap admin.

    For issue 2; we did not even reach the RISK configuration, we had just finished installation and those errors appeared in the log file. 

    We are using version 3.5.0.

    For the SQL, we extracted the IDGov35-Core-Helper-All, which installed Postgres (which by the way is connected successfully during installation and after).

    Best regards,
    Georgio

  • If this is a new install, I would strongly recommend you just reinstall as 3.6.latest, since there is no point in starting with an older version.

  • Greetings,

    Related to issue #1, ID Gov does not perform any ldap calls as part of the login. OSP handles that. The error is coming from a Test Connection which would happen in a Collector or Fulfillment. If you started with a completely brand new/empty database then there would be no collectors, metrics, risk, or fulfillments defined.

    Related to issue #2. Risk is also not set-up when one installs into a completely brand new/empty database


    Was this a completely brand new install or did you try to upgrade the database data from a prior version? Or utilize a PostgreSQL from different install (meaning you already had Dev set-up and accidentally pointed this install to the Dev PostgreSQL)


    As Geoffrey outlined, at this point a new set-up should not be created with ID Gov 3.5.x. This version of the product will no longer be supported at December. You should be utilizing ID Gov 3.6.1. If you are entitled to it, the software will be in your Customer Portal to download


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • Dears,

    I will try to look for the 3.6.1.

    But meanwhile, please find attached the Log files zipped, maybe something will clarify the error.

    Best regards,

    Georgio

    Tomcat logs.zip
Reply Children
  • Verified Answer

    Greetings,
    There are a number of issues outlined in the logs:

    1) You configured with IP address.

    -Dcom.netiq.idm.osp.client.host=10.13.1.225

    That is not going to work per the OAuth and OpenID Connect specs. One has to use resolvable DNS values with this product. There should be a note in the ID Gov 3.5 Release Notes and Installation Guide. With ID Gov 3.6.x installers we provide you a warning/error.


    2) We are not able to get a lock in the databases

    [INFO] 2020-10-05 13:11:10 com.netiq.iac.server.j2ee.ArcServerInitListener logDbVersionInfo - [IG-SERVER] Database product information for Ara database: PostgreSQL, Version: 10.5
    [INFO] 2020-10-05 13:11:12 com.netiq.iac.server.j2ee.ArcServerInitListener loadBaseData - [IG-SERVER] Beginning base data load
    [INFO] 2020-10-05 13:11:12 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [INFO] 2020-10-05 13:11:17 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [INFO] 2020-10-05 13:11:22 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [INFO] 2020-10-05 13:11:27 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [INFO] 2020-10-05 13:11:32 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [INFO] 2020-10-05 13:11:37 com.netiq.persist.json.DataLoadLock lockDataLoad - [IG-SERVER] Failed to obtain data load lock
    [SEVERE] 2020-10-05 13:11:37 com.netiq.iac.server.j2ee.ArcServerInitListener loadBaseData - [IG-SERVER] Encountered unexpected error: Encountered unexpected exception

    As are result the schema can not be updated during the start-up nor can we confirm the schema is correct. This kind of situation happens if 2 servers are trying to read the schema at the same time. Or if one killed / stopped Tomcat during the start-up while it had a lock on the tables and was reading.

    The bottom line is that the server is not correct and needs to be fixed. To clean this up, please open a Service Request.


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • That is not going to work per the OAuth and OpenID Connect specs. One has to use resolvable DNS values with this product. There should be a note in the ID Gov 3.5 Release Notes and Installation Guide. With ID Gov 3.6.x installers we provide you a warning/error.

    Steve, That is interesting.  Do you happen to know if this is an OSP thing (which it seems like it would) and thus affects IDM as well?

    Secondarily, when OSP loads it defines the DNS name and the IP address (based on DNS lookups I think) as tenants in the OSP log file.  Does that mean, that although you must define a DNS name, a connect to an IP address will no longer work?  (This used to work in the past, I rarely use it, but it was useful to get around load balancers occasionally).

     

  • Oh, I think I see what you are referring to.  The -D means it is a Java param, and you mean in the tomcat/bin/setenv.sh it has the IP address as opposed to the DNS name.  Interesting.

  • Dear Steve,

    Thank you for your feedback.

    Please note we created a new VM, where we installed ID Gov 3.6.1 and issue was solved.

    As mentioned, the issue was due to a corrupted snapshot.

    Thank you.

    Best regards,

    Georgio