29.1 Troubleshooting the User Application and RBPM Installation

The following table lists the issues you might encounter and the suggested actions for working on these issues. If the problem persists, contact your NetIQ representative.

Issue

Suggested Actions

The upgrade process does not set the default User Application Administrative account as cn=uaadmin.ou=sa.o=data. The following error is logged to the catalina.out file.

AuthorizationManagerService [RBPM] Error occured calculating effective rights for attribute: nrfAccessMgrRevokeRole on object: cn=complianceAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=Driver Set,o=system for trustee: cn=uaadmin,ou=sa,o=data.com.novell.srvprv.spi.security.IDMAuthorizationException: Error occured calculating effective rights for attribute: nrfAccessMgrRevokeRole on object: cn=complianceAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=Driver Set,o=system for trustee: cn=uaadmin,ou=sa,o=data.at com.novell.idm.security.authorization.ldap.LdapRightsUtil.getPropertyRights(LdapRightsUtil.java:152)
Unable to fetch roles from edirectory in the predefined time set.
  1. Navigate to the setenv.bat file and change the value for -Dncpclient_req_timeout property to 1150 in the CATALINA_OPTS entry.

  2. Restart Tomcat.

You want to modify one or more of the following the User Application configuration settings created during installation:

  • Identity Vault connections and certificates

  • E-mail settings

  • Identity Manager Engine User Identity and User Groups

  • Access Manager or iChain settings

Run the configuration utility independent of the installer.

Run the following command from the installation directory (by default, C:\NetIQ\idm\apps\UserApplication\):

configupdate.bat

Starting Tomcat causes the following exception:

port 8180 already in use

Shut down any instances of Tomcat (or other server software) that might already be running. If you reconfigure Tomcat to use a port other than 8180, edit the config settings for the User Application driver.

When Tomcat starts, the application reports it cannot find trusted certificates.

Ensure that you start Tomcat by using the JDK specified during the installation of the User Application.

Cannot log in to the portal admin page.

Ensure that the User Application Administrator account exists. This account is not the same as your iManager administrator account.

Cannot create new users even with administrator account.

The User Application Administrator must be a trustee of the top container and should have Supervisor rights. You can try setting the User Application Administrator’s rights equivalent to the LDAP Administrator’s rights (using iManager).

Starting application server throws keystore errors.

Your application server is not using the JDK specified during the installation of the User Application.

Use the keytool command to import the certificate file:

keytool -import -trustcacerts -alias aliasName -file certFile -keystore ..\lib\security\cacerts -storepass changeit
  • Replace aliasName with a unique name of your choice for this certificate.

  • Replace certFile with the full path and name of your certificate file.

  • The default keystore password is changeit (if you have a different password, specify it).

Email notification not sent.

Run the configupdate utility to check whether you supplied values for the following User Application configuration parameters: Email From and Email Host.

Run the following command from the installation directory (by default, C:\NetIQ\idm\apps\UserApplication\):

configupdate.bat