The following table lists the issues you might encounter and the suggested actions for working on these issues. If the problem persists, contact your NetIQ representative.
Issue |
Suggested Actions |
---|---|
If the LDAP Server Name specified in the Certificate Subject and the Application Configuration are different, the Identity Applications fails to connect to the Identity Vault after upgrading Identity Manager. This issue is observed from Identity Manager 4.7.1.1 onwards. |
Identity Manager 4.7.1.1 uses Java version 1.8.0_181. From this version onwards, Java has enabled endpoint identification on LDAPS connections and thus mandates that the server name that you specify while connecting to the Identity Manager server and the server name returned in the certificate are the same. If the server names are different, perform the following steps:
|
When Identity Applications and Identity Reporting are installed on the same server and you perform configuration changes using the configuration update utility located at <reporting install folder>/bin directory, the Identity Manager Dashboard fails to launch. Following error is reported in catalina.out log file for Tomcat: EboPortalBootServlet [RBPM] +++++WARNING!!!!: This portal application context, IDMProv, does not match the portal.context property set in the PortalService-conf/config.xml file. Only one portal per database is allowed. Data has been loaded using the previous portal context. To correct this you must revert back to the previous portal name of, NoCacheFilter, please consult the documentation. |
For any configuration changes, use the configuration update utility located at /opt/netiq/idm/apps/configupdate/ directory. |
If Identity Applications and Identity Reporting are installed on the same server and CEF auditing is enabled through the configuration update utility (configupdate.sh), both the components fail to launch. NOTE:This issue is not observed when Identity Applications and Identity Reporting are installed on different servers. |
Perform the following steps to workaround this issue:
|
If your Identity Applications and Identity Reporting are installed on the same server and you choose the database creation option as Startup, you will notice some exceptions in the log. |
To clear the exceptions, manually restart Tomcat. |
If your existing Identity Applications or Identity Reporting configuration has been configured without ports, and you try to upgrade to Identity Manager 4.7 version, the IP address and ports mentioned under the Authentication and SSO Clients tab in the configuration update utility displays incorrect values. |
Once you upgrade Identity Applications and Identity Reporting to 4.7 version, perform the following steps:
|
You want to modify one or more of the following the User Application configuration settings created during installation:
|
Run the configuration utility independent of the installer. Linux: Run the following command from the installation directory (by default, /opt/netiq/idm/apps/configupdate/): ./configupdate.sh |
Starting Tomcat causes the following exception: port 8180 already in use |
Shut down any instances of Tomcat (or other server software) that might already be running. If you reconfigure Tomcat to use a port other than 8180, edit the config settings for the User Application driver. |
When Tomcat starts, the application reports it cannot find trusted certificates. |
Ensure that you start Tomcat by using the JDK specified during the installation of the User Application. |
Cannot log in to the portal admin page. |
Ensure that the User Application Administrator account exists. This account is not the same as your iManager administrator account. |
Cannot create new users even with administrator account. |
The User Application Administrator must be a trustee of the top container and should have Supervisor rights. You can try setting the User Application Administrator’s rights equivalent to the LDAP Administrator’s rights (using iManager). |
Starting application server throws keystore errors. |
Your application server is not using the JDK specified during the installation of the User Application. Use the keytool command to import the certificate file: keytool -import -trustcacerts -alias aliasName -file certFile -keystore ..\lib\security\cacerts -storepass changeit
|
Email notification not sent. |
Run the configupdate utility to check whether you supplied values for the following User Application configuration parameters: Email From and Email Host. Linux: Run the following command from the installation directory (by default, /opt/netiq/idm/apps/UserApplication/): ./configupdate.sh |