lbattistello Absent Member.

Identity Servers Hardware migration


Hi,

I have an Access Manager 3.2 SP 3 installation with 2 Access Gateways
and 1 Identity Server.
All the servers are running in a virtual environment.

We need to move the virtual machines to another Data Center, but keeping
the same configuration and IP address.

We did a test, and we found this problem:
The first server that we moved was the Identity Server. After the
migration, we saw that the IP address was configured in eth1 instead of
eth0 as it was in the older environment (I don't know if this is
important). From the OS it could "ping" the Access Gateways' servers
without any problem.
But when we wanted to access any webserver through Access Manager we saw
the message in the browser that it can't connect to the Identity
Provider.

Any idea?

Thanks and regards,

Luis



0 Likes
4 Replies
Anonymous_User Absent Member.

Re: Identity Servers Hardware migration

lbattistello wrote:

>
> Hi,
>
> I have an Access Manager 3.2 SP 3 installation with 2 Access Gateways
> and 1 Identity Server.
> All the servers are running in a virtual environment.
>
> We need to move the virtual machines to another Data Center, but
> keeping the same configuration and IP address.
>
> We did a test, and we found this problem:
> The first server that we moved was the Identity Server. After the
> migration, we saw that the IP address was configured in eth1 instead
> of eth0 as it was in the older environment (I don't know if this is
> important). From the OS it could "ping" the Access Gateways'
> servers without any problem.
> But when we wanted to access any webserver through Access Manager we
> saw the message in the browser that it can't connect to the Identity
> Provider.
>
> Any idea?
>


When you moved the VM it probably got a new MAC address so udev created
a new rule for it.

Have a look at /etc/udev/rules.d/70-persistent-net.rules (I guess you
are on SLES 11).

I bet you have 2 rules in that file.

--
Cheers,
Edward
0 Likes
lbattistello Absent Member.

Re: Identity Servers Hardware migration


Hi Edward,

Thanks for your answer.
You won the bet 😉 In the file at the Identity Server / Provider, there
are 2 lines. One with the old NIC card's information (eth0) and the
other with the new NIC card's information (eth1).

What do I need to do?
a) Delete the old NIC card's line and run any procedure in AM
configuration?
b) Run the utilities/commands to change eth1 to eth0. Is it necessary to
have eth0 for AM?
c) ....

Thanks and regards,

Luis



0 Likes
Knowledge Partner

Re: Identity Servers Hardware migration

lbattistello;2393241 wrote:

> Hi Edward,
>
> Thanks for your answer.
> You won the bet 😉 In the file at the Identity Server / Provider, there
> are 2 lines. One with the old NIC card's information (eth0) and the
> other with the new NIC card's information (eth1).
>
> What do I need to do?
> a) Delete the old NIC card's line and run any procedure in AM
> configuration?
> b) Run the utilities/commands to change eth1 to eth0. Is it necessary to
> have eth0 for AM?
> c) ....
>
> Thanks and regards,
>
> Luis


Not sure how you did the move. Assuming VMware, and you were at version 6, it should've just moved without an issue.
It sounds almost as if you manually copied the VMDK stuff, and then you answered "wrong" when VMware asked you if you moved it or copied it.

The Identity Server (on SLES) doesn't care if the card is eth0 or eth1 (I've done enough of these, I know). Just as long as you have a WORKING ethXXX with the same IP address.

If SLES, you can either edit the udev rules as Ed mentioned, or just write down the config (if you don't have it documented already) of the "old" interface, delete it, and then re-configure the new ethernet interface with the same info and bounce the server for good measure.

I'm not sure if the AG appliance is as forgiving (easier to just reinstall the darn thing to be honest). Admin Console (on SLES) works just the same way as the IDP.

Assuming separate components on each box.

--Kevin
0 Likes
Anonymous_User Absent Member.

Re: Identity Servers Hardware migration

lbattistello wrote:

>
> Hi Edward,
>
> Thanks for your answer.
> You won the bet 😉 In the file at the Identity Server / Provider,
> there are 2 lines. One with the old NIC card's information (eth0) and
> the other with the new NIC card's information (eth1).
>
> What do I need to do?
> a) Delete the old NIC card's line and run any procedure in AM
> configuration?
> b) Run the utilities/commands to change eth1 to eth0. Is it necessary to
> have eth0 for AM?
> c) ....


You can delete both rules and restart the server (I think you can get
udev to rescan as well without a reboot but I've never bothered to
google for that).

Now this might break your networking config though. In
/etc/sysconfig/network there are a bunch of files. Check if there's an
ifcfg-eth1 and/or ifcfg-eth0 and what the config is. If there's only an
ifcfg-eth1 then after a restart your networking will be 'broken' but if
you just simply move that config file from ifcfg-eth1 to ifcfg-eth0 and
do a rcnetwork restart it'll be fixed.

As Kevin pointed out though, currently your IDP is perfectly capable of
functioning. It doesn't really care about the interface name. Just the
IP really.


--
Cheers,
Edward
0 Likes
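
The check described in the reply above, as an added example that is not from any poster in the thread: it lists each rule in a persistent-net rules file, marks it live or stale against the NICs actually present, and notes whether a matching ifcfg file exists. The function names, the MAC addresses and the sample files are constructed for illustration; the real paths appear only in the comment.

```sh
#!/bin/sh
# Added example: compare udev persistent-net rules with the NICs actually present.

# Print "NAME MAC" for every rule in a persistent-net rules file.
list_rules() {
    sed -n 's/.*ATTR{address}=="\([^"]*\)".*NAME="\([^"]*\)".*/\2 \1/p' "$1"
}

# Print the MAC of each NIC under a sysfs-style directory (default /sys/class/net).
present_macs() {
    for a in "${1:-/sys/class/net}"/*/address; do
        if [ -r "$a" ]; then cat "$a"; fi
    done
}

# For each rule print: NAME MAC live|stale has-ifcfg|no-ifcfg
audit() {
    rules=$1; sysnet=$2; cfgdir=$3
    macs=$(present_macs "$sysnet")
    list_rules "$rules" | while read -r name mac; do
        state=stale; cfg=no-ifcfg
        for m in $macs; do
            if [ "$m" = "$mac" ]; then state=live; fi
        done
        if [ -f "$cfgdir/ifcfg-$name" ]; then cfg=has-ifcfg; fi
        echo "$name $mac $state $cfg"
    done
}

# Constructed sample: old NIC (eth0) is gone, new NIC is eth1, only ifcfg-eth1 exists.
make_sample() {
    mkdir -p "$1/sys/eth1" "$1/cfg"
    echo 00:50:56:00:00:02 > "$1/sys/eth1/address"
    : > "$1/cfg/ifcfg-eth1"
    cat > "$1/rules" <<'EOF'
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:00:00:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:00:00:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF
}

# Demo on the sample. On a real host:
#   audit /etc/udev/rules.d/70-persistent-net.rules /sys/class/net /etc/sysconfig/network
d=$(mktemp -d)
make_sample "$d"
audit "$d/rules" "$d/sys" "$d/cfg"
rm -rf "$d"
```

In the constructed sample the only config file is ifcfg-eth1, which is the case the reply warns about: once the rules are deleted and the NIC comes back as eth0, that file has to be renamed to ifcfg-eth0.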