When installing OES (Linux), including the SP2 version, in some cases (from what I can tell, when installing without eDirectory), when using iManager to administer the NetStorage service residing on the same server as iManager, you get a “Service not available. Possible cause: Unauthorized” error message. However, the NetStorage service itself runs without problems. Of course, this assumes you have the eDirectory service running somewhere in you network (even on the server in discussion).


Assuming all the required services are running (Apache2, Novell Tomcat4, Novell xsrvd, Novell xregd), all you have to do is to generate a “cacerts” file in /etc/opt/novell/tomcat4/. This file is a SSL certificates repository used by (among others) the iManager plugin for NetStorage to communicate with the XTier service running on the same server.

It seems that this file is not copied from a RPM archive, but it is generated instead (probably by a post-installation script from a RPM). To generate it, you have to use the “keytool” utility from the Java SDK, which generally is already installed on the server.
More specific, you should run the following, as root:

cd /etc/opt/novell/tomcat4/
keytool -import -alias myrootca -keystore cacerts -file /etc/ssl/servercerts/servercert.pem

where “myrootca” is an alias for the certificate to be imported (you can put any name here, but this alias has to be unique within a given certificate repository). “cacerts” is the file name of the certificate repository (which, in our case, will be created since it does not exist) and “/etc/ssl/servercerts/servercert.pem” is the file with the SSL certificate used by the Apache web server.

When running the above command, you will be prompted to introduce a password, which, in this case, must be “changeit” (this is the default one used by Tomcat).

Following the creation of the “cacerts” file, you will have to set the appropriate rights to it:

chown root.www cacerts
chmod 644 cacerts

Now, restart the Tomcat service (rcnovell-tomcat4 restart) and try the tasks below the “File Access (NetStorage)” section, in iManager.

Note: You may encounter one more problem. Even after you get all of the above done, when trying to access the “Files” task from the “File Access (NetStorage) section – you may get the following error:

NetStorage getData: IOExceptionURL = https:// ( https:/// )<your_IP_address_OR_DNS_name>/oneNet/xtier-loginnull

After that, the other tasks also become unavailable, requiring a Tomcat service restart.

The problem is that you didn’t connect to the server using the same name as the one specified in the SSL certificate used by the Apache service running on that server. So, for instance, if you have configured the Apache service to use a SSL certificate with a CN (Common Name) of “my.server.com”, and they connect to the same server, but using the IP address (https:///nps/iManager) instead of the name (https://my.server.com/nps/iManager), you would get the above error. In that case, you should use the server name when connecting to iManager on that server. The same principle applies when using a SSL certificate with a CN of the server’s IP address.

Note: This solution was tested on OES (Linux) with SP2.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

  • whelansIT says:

    With OES2, do the following instead:

    cd /var/opt/novell/tomcat5/conf/
    keytool -import -alias myrootca -keystore cacerts -file {location to certificate file, eg /etc/apache2/ssl.crt/certificate.crt}

    chown wwwrun.www cacerts
    chmod 644 cacerts

    rcnovell-tomcat5 restart

By: coolguys
Jun 14, 2006
12:00 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow