20.2 Troubleshooting Identity Manager Engine

The following table lists the issues you might encounter and the suggested actions for working on these issues. If the problem persists, contact your NetIQ representative.

Issue

Suggested Actions

While installing Identity Manager Engine on OES, the following message is reported on the console and in the idminstall.log file located at /var/opt/netiq/idm/log/ directory.

Ensure that the /etc/OES-brand file exists on the OES server. If the file is not present, create a new file and try installing Identity Manager Engine again.

The Identity Manager Engine fails to start when the eDirectory initialization process is in progress. This issue is mostly observed when the eDirectory DIB is very large.

Perform the following steps to workaround this issue:

  1. Navigate to the /etc/opt/novell/eDirectory/conf/ directory.

  2. In the env_idm file, add the SLEEP_BEFORE_ENGINE_STARTUP environment variable and set the value of the variable from 0 to 600. The value is denoted in seconds.

    NOTE:If you provide an invalid value or a value greater than 600, the value defaults to 600.

  3. Restart eDirectory.

  4. (Conditional) Check the ndsd.log to view the messages and logs.

When you run Identity Manager Engine on Linux systems, the /tmp directory runs out of disk space in spite of the available space. You can check this status using df (disk free) and du (disk used) commands. The df command shows no available space while the du command shows that not all the space allocated for /tmp is used. This issue occurs because every Identity Manager driver that is instantiated loads several libraries in the memory. The JVM temporarily copies these drivers to /tmp directory and then deletes them. The deleted files continue to use the memory until the JVM process that created those files is terminated. You can use the lsof command to determine this behavior. Files in this state are marked as deleted. The total disk space consumed depends on the number of drivers running on the server.

The space consumed is relatively static. Therefore, ensure that you provide sufficient extra space in /tmp directory. If the issue persists, restart eDirectory.

In a multi-server environment, an unrecognized extended exception is displayed.

Ensure that the primary server has a read-write partition for the secondary server:

  1. Log in to iManager.

  2. Click Roles and Tasks > Partitions and Replicas > Replica View.

  3. Select the secondary server.

  4. Assign read-write permissions to the server.

NOTE:Ensure that you have added the secondary server in the driver set.

When you execute a large query through dxcmd, dxcmd exits with a 625 ERR_TRANSPORT_FAILURE error and no result file is generated.

The Identity Manager engine uses the environment variable NCPCLIENT_REQ_TIMEOUT value as the default time to execute a dxcmd query. By default a NCP connection has a timeout of 115 seconds. If the time taken for executing the query and returning the result exceeds this value, the error will be seen.

Increase the timeout value by setting the environment variable NCPCLIENT_REQ_TIMEOUT to a number of seconds larger than the total time the query takes. Setting the environment variable permanently for dxcmd can be accomplished by adding export NCPCLIENT_REQ_TIMEOUT=value to the dxcmd script /opt/novell/eDirectory/bin/dxcmd. It is also possible to set the variable manually in the terminal from which the script is being executed by running export NCPCLIENT_REQ_TIMEOUT=value prior to executing dxcmd.