
Cert will not display. 500 Error


This seems to be an issue with iManager, not sure how to fix. The actual problem is that when I use my default iManager server (S-01) to do any sort of certificate management (e.g. View Objects > Browse to and Open "DNS AG S-01 blah" > Select Certificates Tab > Wait for Server 500 error) for one specific server (S-02), there is a long wait and then a 500 error is thrown. On the other hand, if I use iManager on the 'bad' server (S-02) there are no problems.

How did I get into this little mess? Easy, I removed the S-02 server from eDirectory by mistake. I was able to re-add the server back into the tree and everything seemed fine. For example S-02 has iPrint Manager on it and it is fully operational and manageable.

Versions :
"Main" iManager server 'S-01' : OES2018, eDir 9.1, SLES 12 sp2, iManager 3.0.4, Master Replica
"Bad" server 'S-02' : OES2018, eDir 9.1, SLES 12 sp2, iManager 3.0.4, iPrint 3.0.3, no replicas

Things Tried :
1. Removed the SAS and all cert objects from eDirectory. Ran ndsconfig upgrade/reload ds/reload nldap/namconfig -k/reload namd

Things thought about, but not tried :
1. Remove SAS/cert objects and recreate with iManager on S-01. Other steps required?
2. Run the coolsolutions certificate-recreation-script. This seems out of date and is perhaps not to be trusted in my environment. For example the tests it performs use ldapsearch with a now invalid parameter of "-e /path/to/SSCert.der".
3. Ignore it since key services are working and manageable.
4. Re-install iManager on S-01.

Anyone with clues or advice?

Yes! Me! I found and fixed the issue. The issue is that the server has multiple IP addresses on different subnets. The file /etc/opt/novell/eDirectory/conf/nds.conf had n4u entries for the IP address which was NOT the one used for all things eDirectory/LDAP (a private 10.x address used for communication with printers). That private IP was at the head of the list of IPs in the nds.conf file.

The fix? Remove the references to the 10.x ip address, restart eDir, ldap and namcd just to be certain. And now it is all good.
The clue? Seeing this "ndsconfig get n4u.server.interfaces --config-file /etc/opt/novell/eDirectory/conf/nds.conf | grep n4u" in the /var/log/messages file on a server that was throwing the 500 error. Since that command is the first-ish thing done by iManager when checking a cert, I tried it on the "bad" server to see what was being returned and voilà!
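
The check described in the post above, as an added example that is not part of the original post or of any Micro Focus tooling: it reads an nds.conf-style file and reports n4u interface entries that do not use the expected eDirectory address. It assumes values are comma-separated address@port pairs; the function names, the sample file and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Audit n4u.*interfaces entries in an nds.conf-style file.
# Assumption: values look like  key=addr@port,addr@port

# Write a constructed sample config to a temp file and print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not taken from the original post
n4u.nds.server-name=S-02
n4u.server.interfaces=10.20.30.40@524,192.0.2.10@524
http.server.interfaces=192.0.2.10@8028
EOF
    echo "$f"
}

# Print the first address listed in n4u.server.interfaces.
# $1 = config file
first_interface() {
    awk -F= '$1 ~ /^[[:space:]]*n4u\.server\.interfaces[[:space:]]*$/ {
        val = substr($0, index($0, "=") + 1)
        gsub(/[[:space:]]/, "", val)
        split(val, parts, ",")
        sub(/@.*/, "", parts[1])
        print parts[1]
        exit
    }' "$1"
}

# Print "<key> <position> <addr@port>" for every n4u interface entry
# whose address differs from the expected one.
# $1 = config file, $2 = address eDirectory/LDAP is expected to use
audit_interfaces() {
    awk -F= -v want="$2" '
        /^[[:space:]]*#/ { next }    # skip comment lines
        $1 ~ /^[[:space:]]*n4u\..*interfaces[[:space:]]*$/ {
            key = $1; gsub(/[[:space:]]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/[[:space:]]/, "", val)
            n = split(val, parts, ",")
            for (i = 1; i <= n; i++) {
                addr = parts[i]; sub(/@.*/, "", addr)
                if (addr != want) print key, i, parts[i]
            }
        }' "$1"
}

conf=$(make_sample_conf)
echo "first listed address: $(first_interface "$conf")"
audit_interfaces "$conf" 192.0.2.10
rm -f "$conf"
```

On a real server the first argument would be /etc/opt/novell/eDirectory/conf/nds.conf and the second the address the tree actually uses; a reported entry at position 1 matches the situation described in the post.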



Re: Cert will not display. 500 Error

Nice write-up, and thank you for sharing your results as this could likely
help others with a hard-to-explain situation.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.