log language and DaaS 500 error

Hi.

IG 3.7.0

First of all, I wanted to check why we got an error (see issue #2 below)

Issue #1

Someone has configured the logging language of the IG server to Danish. That is nigh unusable, and it is very hard to google solutions, for example.
Where would I change it to "en" ?

It looks like this
[com.microfocus.logging.config.LoggingConfigurator] [IG-SERVER] Logføring er blevet initialiseret uden fejl af klassen com.netiq.iac.server.j2ee.ArcServerInitListener fra konfigurationsfilen ig-server-logging.xml og den globale konfiguration. Logføringsmeddelelser genereres på Dansk (landestandard: da)

Issue #2 (the important one)

We had some nice functioning edir collectors

Suddenly they all fail.

When testing the connections they say:

[com.netiq.iac.server.rest.ConnectionService] [IG-SERVER] Fejl under test af forbindelse DaaS-konnektoren returnerede fejl (500): Der blev ikke oprettet forbindelse. Ugyldig DaaS-fejl

It worked, and suddenly (within an hour, they suddenly stopped working), no change in configuration, no change in certificates, nothing expired, they just return error 500 and "Invalid DaaS-error" (my own translation)

And I know we should upgrade, but we are in the middle of going live with it, so it is rather annoying, and we can't upgrade right now

  • 0  

    Hello Nicolai,

    Part #1   

    The default language for the runtime is based upon the default language of the server when Identity Governance is installed.  You can change this by

    1) Stop Tomcat
    2) Navigate to the /opt/netiq/idm/apps/idgov/bin directory and launch configutil in console mode
    2.a) issue es (this will create a dump of the current settings as a back-up)
    2.b) The following four (4) properties are the ones you will want to change:
    com.netiq.iac.defaultLocale
    com.netiq.soa.workflow.com.novell.soa.common.i18n.LocaleInfo.default-locale
    com.netiq.soa.notification.com.novell.soa.common.i18n.LocaleInfo.default-locale
    com.novell.idm.rpt.core.locale.default

    For example:
    sp com.netiq.iac.defaultLocale en

    Repeat for the three (3) other properties

    2.c) exit configutil

    3) Delete the localhost folder in the tomcat/work/Catalina directory

    4) Delete all files and folders in the tomcat/temp directory

    5) Move out or delete all of the logs in the tomcat/logs directory

    6) Start Tomcat

    Part #2 
    We do need English logs.  Possibilities:
    1) Password has expired for the eDirectory Service Account
    2) Certificate has expired for the eDirectory server in the Collector
    3) The certificate for ID Gov's https has expired (which would cause war to war calls to fail)
    Again English logs would be easier.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0   in reply to   

    Thanks.

    Although the log settings are now set to "en"

    [INFO] 2023-10-04 15:12:00.552 [com.microfocus.logging.config.LoggingConfigurator] [IG-WF] Logging successfully initialized by class com.netiq.iac.workflow.jee.IacWorkflowServerInitListener from configuration file ig-wf-logging.xml and global configuration. Log messages will be generated in English (Locale: en)

    The error regarding the collector is still localized to Danish, perhaps because the users' locale is Danish? Peculiar.

    We are able to fetch the certificate, but when pressing "Test" we get this.

    This time however, we have a little more to look at, it basically says: Could not create connection - Invalid DaaS Error 

    It mentions the path "/data/netiq/idm/apps/tomcat/webapps/daas/daasconfig" that path does not exist. We have "/data/netiq/idm/apps/tomcat/webapps/daas/" without a daasconfig in it in the filesystem.

    Nothing was changed on the edir server or the IG server, one minute it was working, the next, it just freaked out.

    eDir LDAP certs have not expired, and the hostname of the edir server is a SAN (and it worked)

    We are able to read the certificate from the collectors service parameters page.

    Tomcat cert has not expired.

    ---ERROR BELOW---

    [INFO] 2023-10-04 15:13:08.796 [com.netiq.daas.daaservice.DaaService] [DAAS] Configuration file path: /data/netiq/idm/apps/tomcat/webapps/daas/daasconfig
    [SEVERE] 2023-10-04 15:13:09.430 [com.netiq.iac.server.rest.ConnectionService] [IG-SERVER] Test Connection error: DaaS-konnektoren returnerede fejl (500): Der blev ikke oprettet forbindelse. Ugyldig DaaS-fejl
    com.netiq.iac.persistence.spi.exception.DaaSServiceException: com.netiq.iac.common.IacException
    at com.netiq.iac.persistence.dcs.dce.daas.DaaSService.testConnection(DaaSService.java:593)
    at com.netiq.iac.persistence.service.cum.DataCollectionService.testConnection(DataCollectionService.java:245)
    at com.netiq.iac.server.rest.ConnectionService.testConnection(ConnectionService.java:95)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.common.j2ee.NoCacheFilter.doFilter(NoCacheFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.server.common.audit.AuditLogFilter.doFilter(AuditLogFilter.java:133)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.server.j2ee.RestApiAuthFilter.doFilter(RestApiAuthFilter.java:141)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.server.j2ee.ExecutionModeFilter.doFilter(ExecutionModeFilter.java:75)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.server.j2ee.AuthFilter.doFilter(AuthFilter.java:316)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at com.netiq.iac.server.j2ee.CORSFilter.doFilter(CORSFilter.java:80)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:750)
    Caused by: com.netiq.iac.common.IacException
    at com.netiq.iac.persistence.dcs.dce.daas.DaaSService.testConnection(DaaSService.java:586)
    ... 68 more

  • 0   in reply to   

    Hi again

    Thanks for the answer

    Although the logs are now set to "en" as per

    [INFO] 2023-10-04 15:10:25.964 [com.microfocus.logging.config.LoggingConfigurator] [IG-SERVER] Logging successfully initialized by class com.netiq.iac.server.j2ee.ArcServerInitListener from configuration file ig-server-logging.xml and global configuration. Log messages will be generated in English (Locale: en)

    The errors returned are still Danish. I think it is because of the users' locale settings, and since the collector doesn't work, we can't change it before it does

    Anyway

    • eDir certificates are valid
    • tomcat certs on IG are valid
    • The account's password is not expired, and it is able to authenticate from an LDAP browser

    It worked one moment and the next it did not.

    What can we do?

    It references /data/netiq/idm/apps/tomcat/webapps/daas/daasconfig

    That does not exist

    /data/netiq/idm/apps/tomcat/webapps/daas exists

    [INFO] 2023-10-04 15:13:08.796 [com.netiq.daas.daaservice.DaaService] [DAAS] Configuration file path: /data/netiq/idm/apps/tomcat/webapps/daas/daasconfig
    [SEVERE] 2023-10-04 15:13:09.430 [com.netiq.iac.server.rest.ConnectionService] [IG-SERVER] Test Connection error: DaaS-konnektoren returnerede fejl (500): Der blev ikke oprettet forbindelse. Ugyldig DaaS-fejl
    com.netiq.iac.persistence.spi.exception.DaaSServiceException: com.netiq.iac.common.IacException
    at com.netiq.iac.persistence.dcs.dce.daas.DaaSService.testConnection(DaaSService.java:593)
    at com.netiq.iac.persistence.service.cum.DataCollectionService.testConnection(DataCollectionService.java:245)
    at com.netiq.iac.server.rest.ConnectionService.testConnection(ConnectionService.java:95)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)

  • 0   in reply to   

    Aha!

    Something did change.

    While I was working on it, the "ig read" user's permissions got changed

    It was able to read from root

    It was changed so that it was able to read from "o=data" (a step down from root)

    It seems that such a user must be able to read the schema, stored on root I guess. It was not able to do that anymore.
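
A check for the condition this thread ended on, added here as an example and not taken from the thread or from Identity Governance: bind as the collector's service account, find the schema entry through the root DSE (`subschemaSubentry`, standard LDAP), and confirm the account can still read it. It assumes the OpenLDAP `ldapsearch` client; the function names are hypothetical, and the LDAP URI, bind DN and password file are supplied by the operator.

```shell
#!/bin/sh
# Added example: confirm that a collector's bind account can read the directory
# schema. Function names are illustrative; nothing here is product code.

# Print the subschemaSubentry DN found in LDIF (ldapsearch -LLL output) on stdin.
schema_dn_from_ldif() {
    awk 'tolower($1) == "subschemasubentry:" { sub(/^[^:]*:[ ]*/, ""); print; exit }'
}

# Count the values of one schema attribute (e.g. objectClasses) in LDIF on stdin.
count_schema_values() {
    awk -v attr="$(printf '%s' "$1" | tr 'A-Z' 'a-z'):" \
        'tolower($1) == attr { n++ } END { print n + 0 }'
}

# Live check. Arguments: LDAP URI, bind DN, file holding the bind password.
# Returns non-zero when the account binds but cannot see the schema.
check_schema_read() {
    uri="$1"; bind_dn="$2"; pw_file="$3"
    schema_dn=$(ldapsearch -LLL -o ldif-wrap=no -x -H "$uri" -D "$bind_dn" \
        -y "$pw_file" -s base -b "" subschemaSubentry | schema_dn_from_ldif)
    if [ -z "$schema_dn" ]; then
        echo "FAIL: $bind_dn cannot read subschemaSubentry from the root DSE" >&2
        return 1
    fi
    n=$(ldapsearch -LLL -o ldif-wrap=no -x -H "$uri" -D "$bind_dn" \
        -y "$pw_file" -s base -b "$schema_dn" objectClasses \
        | count_schema_values objectClasses)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: $bind_dn reads no objectClasses from $schema_dn" >&2
        return 1
    fi
    echo "OK: $bind_dn reads $n object classes from $schema_dn"
}

# Run the live check only when all three arguments are given.
if [ "$#" -eq 3 ]; then
    check_schema_read "$@"
fi
```

Running it after any change to the service account's rights separates a lost schema read from the certificate and password causes listed earlier in the thread, since the bind itself still succeeds in that case.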