Anonymous_User Absent Member.
Absent Member.
1335 views

Unable to access iManager (error 503)


Hello,

I am running NetWare 6.5 on a virtual machine (VMWare 9) and I am unable
to access iManager. I've been through the steps on ' this thread'
(http://tinyurl.com/dxmywdc) I've done 'these steps, too.'
(http://www.novell.com/support/kb/doc.php?id=7000759)

Nothing seems to work. However, when I enter the command stoptc4 or
tomcat4 (either one, it doesn't matter) I get an error return of:
CATALINA_OPTS = Vm160m -Xmx256m -Djavax.net ssl.trust Store=sys:/
adminsrv/conf/.Keystore -Dsun.io.useCannonCaches=false

Now, I'm assuming that tomcat isn't loading here and this error is
supposed to tell me something, but it doesn't, cause I have no clue what
it means.

Could one (or more) of you gurus please help me out here?

Thanks!


--
skairys
------------------------------------------------------------------------
skairys's Profile: https://forums.netiq.com/member.php?userid=3313
View this thread: https://forums.netiq.com/showthread.php?t=46242

Labels (1)
0 Likes
11 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Nothing seems to work. However, when I enter the command stoptc4 or
> tomcat4 (either one, it doesn't matter) I get an error return of:
> CATALINA_OPTS = Vm160m -Xmx256m -Djavax.net ssl.trust Store=sys:/
> adminsrv/conf/.Keystore -Dsun.io.useCannonCaches=false


Well, this isn't an error. It's just text being printed out as usual
indicating that a CATALINA_OPTS variable is being set to that value.

> Now, I'm assuming that tomcat isn't loading here and this error is
> supposed to tell me something, but it doesn't, cause I have no clue
> what it means.


I mean this seriously.... I appreciate your honesty in this paragraph.
Almost nothing is more frustrating when trying to help in situations
like this than "x isn't loading and y is broken and the world is at an
end" without evidence. Not only did you show what you saw, you applied
your interpretation and called it out as your interpretation. Thank-you
for being honest and forthcoming.

So let's start at the beginning. In NetWare Tomcat (which runs the
iManager web application) is accessed via Apache httpd (often just
called 'Apache'). Because Tomcat is a Java-based application we can
usually see it running via the 'java -show' command at the NetWare
console. Please run that and post the output. If Tomcat is running
we'll see something about blah.blah.blah.catalina.Bootstrap as I recall
(the actual class there is not so ambiguous, but the end is all I
remember). Seeing that there (or not) will tell us if Tomcat is running.

If Tomcat is running, I assume Apache httpd is running because otherwise
you probably would never see the 503. Still, it'd be nice if you could
see the listening ports for 80 and 443, plus whatever else, via tcpcon
at the NetWare console. Listening usually shows up as an IP address,
and maybe 0.0.0.0 for that address, followed by a colon and the port and
a status of listening. Tomcat should be listening on a couple of high
ports.... 9009 and 9010 come to mind, but it's been a while. Knowing if
they are listening is important, and I'd guess they are.

Silly things to try: tckeygen (from the NetWare console). Do it while
Tomcat is stopped. It requires (as does Tomcat to work fully) that your
server's LDAPS (secure LDAP) port be working correctly with a
certificate. Post the output from when you run it, please.

Also, what is the exact URL you are using to get to iManager?
https://server.ip.goes.here/nps should work all of the time.

What was the output from the commands in that TID? I do not think you
need both Tomcat 4 and Tomcat 5, but I haven't used iManager on there
for a long time.

Taking a step back, can you use iManager Workstation on your workstation
for whatever you're trying to do? It's often much easier to get going,
and keep going, and fix when broken (just restore it from a backup)
because it is all self-contained.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQsR9BAAoJEF+XTK08PnB5ADMP/RQJfACKtw/Weqg2M75fioV7
AmF78gpyaLRfRDbLShcbyP0EzRefjKF4/L9pnTV4WWXaRSDRtlqB+A019erfkZ0b
CmX8rtPh7RQP8m/ZJHrm5pFao/8SYDczK37keHPd4PlpPfeBrLN+HXP1t+eFnYkz
GtoJHKwUGFk4vE28PkqPbqgTm70+ITQZcj/hYqFI3LfkWYDDEPHYPD8qGZnjal8v
aAJwx7TfN2rHbh2AZNJR1ly3Qx3YW6lmKPhaGgPJD2qbskyNK+tkgvmKFBdBEJ4R
mcAZ260xpIS0y92L2FjeK9o0U+2UtCiL8SE1GcinTfF7PTr3mc5h4xNs/Wxz5Y5r
MO6Xhnkkodi0kjfpfBKBraUz9jUwszNz9VmnljR7IWHGAulwMlZMIKSp+rN6KqAN
NpDb6PBgg4zLGF1IjWBTEoqIKPXJAFg7mdoZ5LU3OMu/LivcxWaU2AXZYldo9s4x
U+jwgsJ1LEvoDCg6cqfd0QUi+x9DZ6FK/UfGdqA1oH/deOQqVkA4ib7qeGKUpeX7
+NMyE952HOyAktoweBpsrZEJL6I6AolNccMOGLg/C5iReLnVvw2FPtnLbDhs1v2q
agbo4FFZbpvT6G6FB35eEuZy600RFsMTXwWgCMk2iFeOG7PtZG/5XWGyE7xIGpLI
N+Ub8yLQGSTRx7eq5ePh
=+PVm
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)


Thanx for the compliments; if I don't know something, why would I
pretend to? That's why I'm here, to learn for you guys..

Anyway... when I type java -show, I just get my server name SJK_SRV. No
output for Classname or ID. (I'm assuming this is part of my problem?)

OK. I just ran tcpcon, and it gave me several options to choose from,
SNMP network config, protocol info, ip route table, stats, interfaces
and display local traps. I scrolled thru all of them, and didn't see
any means of seeing what was listening on what port. Am I doing
something wrong here?


Just typed in tckeygen from console, I got no output.

This is the url I use to access iManager:
https://192.168.230.11/nps/servlet/portalservice

How can I use iManager workstation on my "real" pc?

Thank you for your detailed response and patience with a noob to Novell.
🙂


--
skairys
------------------------------------------------------------------------
skairys's Profile: https://forums.netiq.com/member.php?userid=3313
View this thread: https://forums.netiq.com/showthread.php?t=46242

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Thanx for the compliments; if I don't know something, why would I
> pretend to? That's why I'm here, to learn for you guys..


Excessive ego. Unfortunately it plagues many of us.

> Anyway... when I type java -show, I just get my server name SJK_SRV.
> No output for Classname or ID. (I'm assuming this is part of my
> problem?)


Yes... no real output means no Tomcat which means nothing running within
like iManager.

> OK. I just ran tcpcon, and it gave me several options to choose
> from, SNMP network config, protocol info, ip route table, stats,
> interfaces and display local traps. I scrolled thru all of them, and
> didn't see any means of seeing what was listening on what port. Am I
> doing something wrong here?


I should have been clearer, but since you don't have Tomcat running this
isn't necessary. I think the correct steps would have been 'Protocol
Information' and then 'TCP' and then I think hit [Enter] one more time
and then it shows all of the TCP connection information. Feel free to
peruse for fun, but we now know Tomcat isn't loaded so oh well. Think
of this like netstat on Linux/Unix.... same kind of information which is
very valuable.

> Just typed in tckeygen from console, I got no output.


That's pretty normal. I forgot the step of checking the Logger screen
(on the NetWare console) which will show the output from that command.
Argh... it's been too long! This is, though, possibly important. If
Tomcat doesn't get the SSL information from eDirectory's LDAPS interface
then I believe it can fail to start. If you can find a catalina.out
file somewhere on the box (sys:/tomcat4 (or tomcat5)/log/catalina.out
perhaps for the path) that may be interesting to read during startup.
Feel free to post contents here.

> This is the url I use to access iManager:
> https://192.168.230.11/nps/servlet/portalservice


If I were you I'd just stop at 'nps' because that should always work and
adding more can cause issues if any of it is wrong. Not your problem
now, since Tomcat isn't running, but it's something to think about for
when it is working.

> How can I use iManager workstation on my "real" pc?


Note: some, very few, functions do not work in iManager Workstation. I
don't know what they are off the top of my head but be aware there are
some and they are rare to me (meaning not eDirectory, IDM, or
auditing-related at all).

http://download.novell.com/
Choose iManager from the top-left drop-down.
Search
iManager 2.7 (download link)
'Proceed to download' (button)
There should be four links.... two of them have 'workstation' in the
name and one of them is for Linux. You may be stuck using a windows box
and if that's the case there is also a build for that OS. Download,
extract, and run the 'iManager.sh' (or iManager.bat if you only have
windows) script in the extracted 'iManager/bin' directory. From here a
window should pop up which is iManager's login screen.

Things that are useful to know: This is an embedded browser loading
iManager within a local instance of Tomcat. As a result only you, on
your machine, can access this instance of iManager. You are welcome to
change that (make this essentially a "server" version) but that's not
what is intended.

Anytime the documentation or prompts state to 'restart Tomcat' in order
to apply a change like a new plugin or Service Pack, just close this
window that opened up when you ran the iManager.sh script and then run
that iManager.sh script again to reopen the window. That script is
loading Tomcat, and when the window closes so does the embedded version
of Tomcat.

Once installed just treat it like normal. Add SP6 (or whatever the
current iManager SP is) and then close/open the window to restart
Tomcat. Add the eDirectory plugins and restart... IDM plugins and
restart.... etc. Make a shortcut on your desktop, or in a menu, or
whatever to make it faster to load. It will run faster in some ways
(because your workstation could be less-utilized than the servers
involved, plus it is probably not virtualized as servers may be) but
slower in other ways (everything it does requires connecting over a wire
to eDirectory, which will apply slowness based on wire speeds, etc.).

All in all, iManager Workstation is great because it is simple. If you
ever decide it is insane and needs to be replaced, just delete its
directory and re-extract it to start over. Want to share it with
coworkers? Get it perfect and then package it up however you see fit to
send to them. They can extract and run it just as you have it.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQsUg1AAoJEF+XTK08PnB5o0gQANdE5IL2PoOzkWf9RCiye0ai
R5WFB5iflmUCOTkHD5q154ztLVEiDq0zq4O6sdDd0iIR/GgW8pF7XJIj42WOdYNZ
FUHSAxQhSszmbQtgxAuJZBKH3U0rLETuwTah84QnsSvIEPs0/ljnuTICvo2Hn54O
mBP2lw7O19uFODN7pKHbAjVmO3Re7xKUAl2GlvkE0WVTxs9ncWmqazt07cT0NH13
uKSTYW8ejDXv+NxA65SbttKS2GOnPwxBdgHgS6ArzhqwPYzK6BtN/cliIy4gy9QY
syrjPcLMVYjqVwa/47er7lfonKjT/Hwjnb7zx6juQWeyiy0DIzfUrYD3IFSxAKOo
7msTaTjGRdUStYeT4CIgEbpy4QOju3FEFf1334cKZs+YFflPi+7dmrAJC1J/8WJ3
hbcwYeGrxqJ2fkDDkOh/0RGw5pa/+sQInrbIS2ra3RP7DCmWaS8lAllsYatDUss+
gViNNTXe7SlC/Rz6V2e+7zdyYbaSVsEu4XPi8mz6l1ccmmll+cv1g8vOG7H/zJKG
9kiT/YYebeu9P3LzR8HDddiQu4PNlUrb9vUOHukAYyGuwufzI6VDrc+yE3nw7BU5
P9uUPZfKGYNFv9A6VfTjdep3xO1UWuoDoKjo5Rq/M5D9dxJX0X31jYeYOBf20Kzr
1QX8WRQSxUtnfJmphz4M
=uIYY
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)


Ok. Output of sys:/tomcat4/log/catalina.out is:
Unable to find load file sys:/tomcat4/log/catalina.out
???Unkown Command???


I will drop the rest after the nps part after we/I get tomcat running.
🙂

Thank you for the download links. I will look into them later. 🙂

Do you have any suggestions to help me get tomcat up and running again?


I've tried the steps mentioned in my first post, plus trying to
re-install the packages in the GUI via the Novell
button>Install>Selecting Add at the Installed Products Screen>The
following modules were selected: Apache2 Admin Server, Tomcat4 Admin
Instance, Apache2 Webserver and Tomcat4 Servlet Container, Tomcat5
Servlet Container and iManager. >Copy Files Dialog appears> I never got
it to go past the accessing server dialog box (and I waited sometimes 45
mins). Any suggestions here?

You've been a HUGE help so far. Thank you very much!


--
skairys
------------------------------------------------------------------------
skairys's Profile: https://forums.netiq.com/member.php?userid=3313
View this thread: https://forums.netiq.com/showthread.php?t=46242

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

In article <skairys.5mjb3c@no-mx.forums.netiq.com>, Skairys wrote:
> I am running NetWare 6.5
>

Which patch level are you running at? Just type version at the command
prompt of NetWare.

SP8 is the latest (and likely last) version and has been out a while.
The last few NetWare boxes among my clients are all at that level and
have working well, mostly all in vSphere now.

An example from one such box that I see I should push to update eDir
Novell Open Enterprise Server, NetWare 6.5
Support Pack Revision 08
(C) Copyright 1983-2008 Novell Inc. All Rights Reserved. Patent
Pending.
Server Version 5.70.08 October 3, 2008
Novell eDirectory Version 8.7.3.10 SMP
NDS Version 10554.34 April 23, 2008
Server License: Novell NetWare 6 Server 650 SN:302######
User Licenses: Audited


Andy Konecny
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)


I am running version 6.5 w/support pack revision 08.


--
skairys
------------------------------------------------------------------------
skairys's Profile: https://forums.netiq.com/member.php?userid=3313
View this thread: https://forums.netiq.com/showthread.php?t=46242

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

skairys wrote:

>
> Hello,
>
> I am running NetWare 6.5 on a virtual machine (VMWare 9) and I am
> unable to access iManager. I've been through the steps on ' this
> thread' (http://tinyurl.com/dxmywdc) I've done 'these steps, too.'
> (http://www.novell.com/support/kb/doc.php?id=7000759)
>
> Nothing seems to work. However, when I enter the command stoptc4 or
> tomcat4 (either one, it doesn't matter) I get an error return of:
> CATALINA_OPTS = Vm160m -Xmx256m -Djavax.net ssl.trust Store=sys:/
> adminsrv/conf/.Keystore -Dsun.io.useCannonCaches=false
>
> Now, I'm assuming that tomcat isn't loading here and this error is
> supposed to tell me something, but it doesn't, cause I have no clue
> what it means.
>
> Could one (or more) of you gurus please help me out here?
>
> Thanks!


in tcpcon, is there a listener on port 636? If not, your server cert
has died (for whatever reason). If yes, then run tckeygen. You should
get some output on the logger screen when you run it.

Then start tomcat using tomcat4.ncf. This will generate some output on
the logger screen as well when it starts. the line you said earlier is
not an error but information about which options are used to load
tomcat. If that fails have a look at the log file (catalina.out) and
copy/paste the content here (please dont paste the whole thing, just
the entries of the last start attempt).

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

In article <M3nts.642$kX4.496@kozak.provo.novell.com>, Edward van der
Maas wrote:
> in tcpcon, is there a listener on port 636? If not, your server cert
> has died (for whatever reason). If yes, then run tckeygen. You should
> get some output on the logger screen when you run it.
>

If this is the case, running pkidiag first would be useful.


Andy Konecny
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profiles: http://forums.novell.com/member.php?userid=75037
https://forums.netiq.com/member.php?3330-konecnya

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)


I just checked the output of tcpcon (both IP and TCP) and I did not see
a port 636 listed.
I just tried running tckeygen, and got no output. Is something supposed
to appear after I type in tckeygen?
I just ran catalina.out and the return message I got is: Server
-5.70-151 Unable to find load file Catalina.out <<I'm assuming that's
bad?


--
skairys
------------------------------------------------------------------------
skairys's Profile: https://forums.netiq.com/member.php?userid=3313
View this thread: https://forums.netiq.com/showthread.php?t=46242

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

In article <skairys.5mr5i1@no-mx.forums.netiq.com>, Skairys wrote:
> I just checked the output of tcpcon (both IP and TCP) and I did not see
> a port 636 listed.

This is a problem, so we need to fix it. Use this as a test along the
way. It should also show port 389 running, if not then LDAP isn't running
and needs looking at.

> I just tried running tckeygen, and got no output. Is something supposed
> to appear after I type in tckeygen?

Switch to the logger screen to see the output of tckeygen
Also, tckeygen requires that there be a good server cert to work with
first. Run pkidiag until there are no errors, then tckeygen process again.

> I just ran catalina.out and the return message I got is: Server
> -5.70-151 Unable to find load file Catalina.out <<I'm assuming that's
> bad?

I checked one NW box that is running iManager just fine, but I can't find
any file that resembles Catalina.out, so I wouldn't worry about it at this
point, get secure LDAP working (seeing port 636 will be a clue to that
success)




Andy Konecny
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profiles: http://forums.novell.com/member.php?userid=75037
https://forums.netiq.com/member.php?3330-konecnya

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to access iManager (error 503)

skairys wrote:

>
> I just checked the output of tcpcon (both IP and TCP) and I did not
> see a port 636 listed.
> I just tried running tckeygen, and got no output. Is something
> supposed to appear after I type in tckeygen?
> I just ran catalina.out and the return message I got is: Server
> -5.70-151 Unable to find load file Catalina.out <<I'm assuming that's
> bad?


As Andy suggest, there's something more fundamental broken. Your LDAP
Server object doesn't have a certificate associated. Run pkidiag, this
will (re)generate the default certificates. Then find the LDAP Server
object associated with the server object and check the SSL/TLS tab and
ensure the certificate field is populated.

This should fix the listener on port 636. From there run tckeygen, wait
for a minute and check the logger screen again.

--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.