Solving the iManager 'Service Not Available' Message

Solving the iManager 'Service Not Available' Message

3>Problem

When installing OES (Linux), including the SP2 version, in some cases (from what I can tell, when installing without eDirectory), when using iManager to administer the NetStorage service residing on the same server as iManager, you get a "Service not available. Possible cause: Unauthorized" error message. However, the NetStorage service itself runs without problems. Of course, this assumes you have the eDirectory service running somewhere in you network (even on the server in discussion).



Solution



Assuming all the required services are running (Apache2, Novell Tomcat4, Novell xsrvd, Novell xregd), all you have to do is to generate a "cacerts" file in /etc/opt/novell/tomcat4/. This file is a SSL certificates repository used by (among others) the iManager plugin for NetStorage to communicate with the XTier service running on the same server.



It seems that this file is not copied from a RPM archive, but it is generated instead (probably by a post-installation script from a RPM). To generate it, you have to use the "keytool" utility from the Java SDK, which generally is already installed on the server.
More specific, you should run the following, as root:



cd /etc/opt/novell/tomcat4/
keytool -import -alias myrootca -keystore cacerts -file /etc/ssl/servercerts/servercert.pem


where "myrootca" is an alias for the certificate to be imported (you can put any name here, but this alias has to be unique within a given certificate repository). "cacerts" is the file name of the certificate repository (which, in our case, will be created since it does not exist) and "/etc/ssl/servercerts/servercert.pem" is the file with the SSL certificate used by the Apache web server.



When running the above command, you will be prompted to introduce a password, which, in this case, must be "changeit" (this is the default one used by Tomcat).



Following the creation of the "cacerts" file, you will have to set the appropriate rights to it:



chown root.www cacerts
chmod 644 cacerts


Now, restart the Tomcat service (rcnovell-tomcat4 restart) and try the tasks below the "File Access (NetStorage)" section, in iManager.



Note: You may encounter one more problem. Even after you get all of the above done, when trying to access the "Files" task from the "File Access (NetStorage) section - you may get the following error:



NetStorage getData: IOExceptionURL = https:// ( https:/// )<your_IP_address_OR_DNS_name>/oneNet/xtier-loginnull


After that, the other tasks also become unavailable, requiring a Tomcat service restart.



The problem is that you didn't connect to the server using the same name as the one specified in the SSL certificate used by the Apache service running on that server. So, for instance, if you have configured the Apache service to use a SSL certificate with a CN (Common Name) of "my.server.com", and they connect to the same server, but using the IP address (https:///nps/iManager) instead of the name (https://my.server.com/nps/iManager), you would get the above error. In that case, you should use the server name when connecting to iManager on that server. The same principle applies when using a SSL certificate with a CN of the server's IP address.



Note: This solution was tested on OES (Linux) with SP2.

Labels (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
With OES2, do the following instead:

cd /var/opt/novell/tomcat5/conf/
keytool -import -alias myrootca -keystore cacerts -file {location to certificate file, eg /etc/apache2/ssl.crt/certificate.crt}

chown wwwrun.www cacerts
chmod 644 cacerts

rcnovell-tomcat5 restart
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2020-03-10 19:23
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.