bdkmcgl Absent Member.
Absent Member.
8962 views

Access Forbidden When Attempting to Run iMonitor

I'm getting an Acess forbidden! message when attempting to access iMonitor via https://ipaddress:8030/nds.

Any ideas?

Thank you!
Labels (2)
0 Likes
34 Replies
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

bdkmcgl,

do you get the login screen and then after trying to login that error or do you get it right when you try to access that page ? If after login, what user do you use ?

oes 1 or oes 2 ?

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Rainer,

Thank you for taking the time to reply.

I get the message right when I try to access the page. It's OES 2.

Thanks again.

Sean


brunold;1613594 wrote:
bdkmcgl,

do you get the login screen and then after trying to login that error or do you get it right when you try to access that page ? If after login, what user do you use ?

oes 1 or oes 2 ?

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Sean,

iMonitor is just a module that is loaded alon with the edirectory.
Can you run the following command to list all modules and check if imon is reported as running ?

# ndstrace -c modules
...
imon Running
...

You also can check with netstat if there is somebody listening on port 8030 on that server:

# netstat -tanpu | grep 8030

I just want to make sure that is is running and there is a different problem.

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Rainer,

Thanks again for your reply.

Yes, I see imon Running, and I see LISTEN for port 8030 (I see tcp 0 0 xxx.xxx.xxx.xxx:8030 0.0.0.0:* LISTEN 2813/ndsd).

Sean

brunold;1614696 wrote:
Sean,

iMonitor is just a module that is loaded alon with the edirectory.
Can you run the following command to list all modules and check if imon is reported as running ?

# ndstrace -c modules
...
imon Running
...

You also can check with netstat if there is somebody listening on port 8030 on that server:

# netstat -tanpu | grep 8030

I just want to make sure that is is running and there is a different problem.

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Sean,

okay so it's running ...

Can you post the exact message you get when accessing the url in a browser window ?

Can you please also try to access the imonitor from a command line browser like wget:

# wget --no-check-certificate https://<server ip or name>:8030/nds

Running that command should try to download the web page and the output should contain somewhere the end something like "_LOGIN_SERVER_".

I just want to make sure this is not client browser related and a native imonitor problem.

Did you expect some certificate problems on that oes server ?
Can you verify you certificates to check that they have not expired ?

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

The message I get is as follows:

Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. If you think this is an error, please contact the webmaster. Error 403.

The results of wget were as follows:

Proxy tunneling failed: Forbidden Unable to establish SSL connection.

I checked the SSL CertificateDNS and SSL CertificateIP from ConsoleOne and both came back valid. Not that I am aware of everything that might raise suspicions, but no, I have no reason to be expect a certificate problem.

brunold;1614736 wrote:
Sean,

okay so it's running ...

Can you post the exact message you get when accessing the url in a browser window ?

Can you please also try to access the imonitor from a command line browser like wget:

# wget --no-check-certificate https://<server ip or name>:8030/nds

Running that command should try to download the web page and the output should contain somewhere the end something like "_LOGIN_SERVER_".

I just want to make sure this is not client browser related and a native imonitor problem.

Did you expect some certificate problems on that oes server ?
Can you verify you certificates to check that they have not expired ?

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Sean,

have you restarted this server during the last time and the problem still existed or is it running for a long time ?

The next thing would to unload and load the imonitor module. This would of course also happen if the server was restarted, that's why I ask.

To unload it manually run the follwing command:

# ndstrace -c 'unload imon'

this might take a few seconds, after that load it again ...

# ndstrace -c 'load imon'

and try to access the imonitor once again.

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

I have restarted the server a few times while trying to figure this out. I also ran the commands you provided anyway, and still the same Access forbidden message.


brunold;1614750 wrote:
Sean,

have you restarted this server during the last time and the problem still existed or is it running for a long time ?

The next thing would to unload and load the imonitor module. This would of course also happen if the server was restarted, that's why I ask.

To unload it manually run the follwing command:

# ndstrace -c 'unload imon'

this might take a few seconds, after that load it again ...

# ndstrace -c 'load imon'

and try to access the imonitor once again.

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Sean,

I think this must be a ssl problem because you also get that message "Proxy tunneling failed: Forbidden Unable to establish SSL connection." when using wget.

Let me see if I can figure out where the imonitor pulls it's certificate from when it is started.

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Thank you very much for your time and assistance.

brunold;1614754 wrote:
Sean,

I think this must be a ssl problem because you also get that message "Proxy tunneling failed: Forbidden Unable to establish SSL connection." when using wget.

Let me see if I can figure out where the imonitor pulls it's certificate from when it is started.

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Can you check during that time if the ndsd.log has some error messages in when unloading and loading the imon module ?

/var/opt/novell/eDirectory/log/ndsd.log

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Some more information from debugging ...

can you chck the file /etc/opt/novell/eDirectory/conf/ndsimon.conf and see what configurations are in there ?
My reference file has just "LockMask: 1" activated in there. If you need to make any change, unload and load the module.

Next step is to verify the imonitor rpm package that was installed. Please run the following command to see if any file has changed since the imonitor installation:

rpm -V novell-NDSimon

Rainer
0 Likes
bdkmcgl Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

...shutdown successfully and ...started successfully.

brunold;1614767 wrote:
Can you check during that time if the ndsd.log has some error messages in when unloading and loading the imon module ?

/var/opt/novell/eDirectory/log/ndsd.log

Rainer
0 Likes
Brunold Rainer Absent Member.
Absent Member.

Re: Access Forbidden When Attempting to Run iMonitor

Can you check on that server if apparmor is running ?

rcapparmor status ?

If it is started, stop it and try to access imonitor once again.

Rainer
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.