20.5 Troubleshooting Installation and Uninstallation

The following table lists the issues you might encounter and the suggested actions for working on these issues. If the problem persists, contact your NetIQ representative.

Issue

Suggested Actions

You are unable to access Identity Manager Dashboard after restarting the system, where Identity Manager 4.8.x is installed on RHEL 8 operating system. The catalina.log file contains the following warning message:

WARN [com.novell.soa.af.impl.core.WorkflowEngineImpl] (main) [WORKFLOW] Duplicate engine id detected. This engine may not have been shutdown cleanly or another engine is running with engine-id: ENGINE . Waiting 60000 ms for heartbeat to timeout.

This issue occurs if the Tomcat service is not stopped before restarting the system. When the workflow engine starts up, it encounters another node in the cluster with an engine ID that is already in use and logs a warning.

It is always recommended to stop the Tomcat service before restarting the system. If you do encounter the warning, you can resolve it by changing the engine status in the afenginestate table in the igaworkflowdb database. Log in to a database admin tool such as pgAdmin and manually update the engine status to shutdown state.

If you are installing Identity Manager 4.8 on RHEL 8.3, the PostgreSQL service does not start correctly.

Perform the following steps:

  1. Install Identity Manager 4.8 on RHEL 8.

  2. Upgrade the RHEL OS version to 8.3.

  3. Upgrade Identity Manager version to 4.8.3.

Tomcat and ActiveMQ services are in disabled state when you have installed Identity Manager on SLES 15 or SLES 15 SPx (where x denotes all SLES 15 versions supported with Identity Manager).

Perform the following steps:

  1. Log in to the server where Tomcat and ActiveMQ services are disabled.

  2. Install the insserv-compat* RPM. The * symbol denotes the latest version of the RPM.

    NOTE:NetIQ recommends you to obtain the dependent packages from your operating system subscription service to ensure continued support from your operating system vendor. If you do not have a subscription service, you can find the recent packages from a website such as http://rpmfind.net/linux.

  3. Run the following commands to enable the Tomcat and ActiveMQ services:

    systemctl enable netiq-tomcat.service

    systemctl enable netiq-activemq.service

If you are installing Identity Manager 4.8 on RHEL 8.1, the following error messages are displayed when:

  • you run the RHEL-Prerequisite.sh script:

    dnf-utils rpm required but not found
    RHEL 8.1 iso does not contain dnf-utils packages, its replaced by yum-utils
  • you install the Identity Manager Engine component:

    Some of the dependencies required for installation of Identity Vault are not found

Ignore the error messages and proceed with the installation process.

After you upgrade Identity Applications to 4.8 version, the workflow forms fail to render on the Identity Applications. The client password (CientPass) present in /opt/netiq/idm/apps/sites/config.ini is left blank at some scenarios.

To resolve this issue, perform the following steps:

  1. Navigate to the /opt/netiq/idm/apps/sites/ directory.

  2. Edit the config.ini fle and provide the encoded base64 password for the ClientPass parameter.

    NOTE:Specify the same password that you specified for the forms client in the configuration update utility.

  3. Restart the NGINX service.

    systemctl restart netiq-nginx.service

For more information, see TID 7024492.

In a container environment, if you have exceeded the idle time set for the Identity Manager dashboard and the session times out, the Extend button does not work as expected.

Add the com.netiq.idm.session-timeout property in the ism-configuration.properties file of the OSP container.

In a multi-server environment, while trying to deploy a driver to secondary server, LDAP exceptions are displayed.

After the secondary server is installed and partition is added in the Identity Vault for secondary server, you must restart ndsd on both the servers. This also applies if you are installing Identity Manager engine in a container deployment.

In a clustered environment, when you disconnect a node from the network (for example, node 2), and then create roles on the active node (for example, node 1), then the newly-added roles are not synchronized on node 2 when it is connected back to the network.

Perform the following steps on node 2:

  1. Delete the .../temp/permindex files.

  2. Restart Tomcat.

During the configuration of Identity Applications, if you want to connect to an SSPR installed on a remote server, the SSPR configuration will be skipped. However, the sspr.war that was installed during the installation process will be deployed when you restart Tomcat.

If you want to connect to an SSPR installed on a remote server, remove the sspr.war from the /opt/netiq/idm/apps/tomcat/webapps directory before configuring Identity Applications.

During the configuration of Identity Applications, if you use a custom sub-container for Identity Applications Administrator, for example, cn=uaadmin,ou=univ,o=data, then uaadmin will be created under the default container (ou=sa,o=data).

Perform one of the following steps if you want to use the custom sub-container for Identity Applications Administrator:

  • Before configuring Identity Applications, create the ou=univ,o=data custom sub-container.

  • During the configuration process, specify No for the Do you want to use custom container as root container prompt. The custom LDIF file that you will import should contain the custom root container and the sub-container details.

The silent installation process does not check for the system requirements when the silent properties file is created. During silent installation, the log file displays an error message stating that the system requirements are not met.

When you encounter this issue, manually add the IS_SYSTEM_CHECK_DONE parameter in the silent.properties file. To skip the system requirement check, set the value for the IS_SYSTEM_CHECK_DONE parameter to 1.

When you uninstall and reinstall Identity Applications or Identity Reporting, the configuration process fails when setting up database users and schema. This issue is observed when you perform a typical configuration during the re-installation of the component.

When you are reinstalling the Identity Applications or Identity Reporting component, you must perform a custom configuration.

Uninstallation process reports as incomplete but the log file shows no failures.

The process failed to delete the netiq directory that contains the installation files by default. You can delete the directory if you have removed all NetIQ software from your computer.