2.3 Restoring the Administration Console Configuration

The restore script replaces the configuration records in the configuration database with the records in the backup of the configuration store. It should be used to restore configuration data for one of the following types of scenarios:

If the primary Administration Console machine has failed, you have lost both the configuration and the configuration database. To recover from this scenario, you need to do more than restore the configuration.

For instructions, see Section 6.6, Moving the Primary Administration Console to New Hardware.

The restore script cannot be used to move the Administration Console to a different platform, even if the new machine is configured to use the same IP address and DNS name. The backup files contain path information that is specific to the operating system. To move the Administration Console from Linux to Windows or Windows to Linux, you need to install a secondary Administration Console on the desired platform, then promote it to being the primary Administration Console. For instructions on this process, see Section 6.7, Converting a Secondary Administration Console into a Primary Console.

The restoration steps are dependent upon whether the Administration Console is installed on its own machine or with other Access Manager components:

NOTE: Perform the restore on the same version that was used to take the backup.

2.3.1 Restoring the Configuration on a Standalone Administration Console or with a Traditional SSL VPN Server

  1. Ensure that the .zip file created during the backup process is accessible.

  2. Log in as root.

  3. (Conditional) If you have modified the Tomcat password in the server.xml file on a Linux Administration Console, back up this file. This file is located in the following directory:

    /opt/novell/nam/adminconsole/conf

    The feature to modify this password was removed in Access Manager 3.0 SP3.

  4. Change to the utility directory.

    Linux: /opt/novell/devman/bin

    Windows Server 2008: \Program Files (x86)\Novell\bin

  5. Run the following command:

    Linux: ./amrestore.sh

    Windows: amrestore.bat

  6. Specify and re-specify the Access Manager administration password.

  7. (Windows) Specify the path to where the backup file is stored.

  8. Specify the name of the backup file. Do not include the .zip extension.

  9. Specify the private key encryption password, then press Enter.

  10. Re-specify the private key encryption password, then press Enter.

  11. (Conditional) If you have modified the Tomcat password or any other configuration on the Linux machine:

    1. Modify the server.xml file to reapply the changes that you had made. The file is in the Tomcat directory:

      /opt/novell/nam/adminconsole/conf

    2. Restart Tomcat with the following command:

      /etc/init.d/novell-ac restart OR rcnovell-ac restart

  12. (Windows) Reboot the machine.

  13. (Conditional) If you have a secondary Administration Console installed, reboot the machines.

  14. (Conditional) If any devices report certificate errors, you need to re-push the certificates.

    1. Click Auditing > Troubleshooting > Certificates.

    2. Select the store that is reporting errors, then click Re-push certificates.

      You can select multiple stores at the same time.

    3. (Optional) To verify that the re-push of the certificates was successful, click Security > Command Status.

If you are restoring only the Administration Console, other components should still function properly after the restore.
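The following pre-flight script is an added example, not part of the original guide or the product. It covers steps 1, 3 and 8 of Section 2.3.1 on Linux: it checks the backup archive, saves an owner-only copy of server.xml (the file can contain the Tomcat password), and prints the name to enter at the backup-file prompt. The function names and the destination directory are hypothetical, and the "PK" signature check assumes the backup is a standard ZIP container.

```shell
#!/bin/sh
# Added example: pre-flight checks before running amrestore.sh on Linux.
# Paths come from the procedure above; function names are hypothetical.

CONF_DIR_DEFAULT=/opt/novell/nam/adminconsole/conf

# Step 8: the restore prompt wants the backup name without ".zip".
backup_name() {
    basename "$1" .zip
}

# Step 1: the archive must exist, be readable, be non-empty, and start
# with the ZIP signature "PK" (assumption: a standard ZIP container).
check_backup() {
    [ -r "$1" ] && [ -s "$1" ] || { echo "backup not readable: $1" >&2; return 1; }
    [ "$(head -c 2 "$1")" = "PK" ] || { echo "not a ZIP archive: $1" >&2; return 1; }
}

# Step 3: keep a copy of server.xml so step 11 can reapply local changes.
# The copy is restricted to its owner because the file can hold a password.
save_server_xml() {
    sx_conf=${1:-$CONF_DIR_DEFAULT}
    sx_dest=$2
    [ -f "$sx_conf/server.xml" ] || return 0   # nothing to save
    (
        umask 077
        mkdir -p "$sx_dest" &&
        cp "$sx_conf/server.xml" "$sx_dest/server.xml.pre-restore" &&
        chmod 600 "$sx_dest/server.xml.pre-restore"
    )
}

# Runs the checks, then prints the name to type at the backup-file prompt.
# Arguments: <backup.zip> <conf dir> <directory for the saved copy>
preflight() {
    check_backup "$1" || return 1
    save_server_xml "$2" "$3" || return 1
    backup_name "$1"
}
```

Run `preflight` as root before starting amrestore.sh, and stop if it returns a non-zero status.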

2.3.2 Restoring the Configuration with an Identity Server on the Same Machine

Select the type of machine the Administration Console is installed on:

Linux

Whenever you run the amrestore.sh script, the Administration Console is restored as a standalone Administration Console. You must perform the steps described in Step 10 to restore your Identity Server into the configuration.

  1. Ensure that the .zip file created during the backup process is accessible.

  2. Log in as root.

  3. Change to the /opt/novell/devman/bin directory.

  4. Run the following command:

    ./amrestore.sh

  5. Specify the Access Manager administration user ID.

  6. Specify the Access Manager administration password.

  7. Specify the name of the backup file. Do not include the .zip extension.

  8. Specify the private key encryption password, then press Enter.

  9. Re-specify the private key encryption password, then press Enter.

  10. For the Identity Server, complete the following steps after the restore process has finished:

    1. Remove the Identity Server from the cluster configuration. (See Removing a Server from a Cluster Configuration in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

    2. Delete the Identity Server from the Administration Console. (See Managing an Identity Server in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

    3. Uninstall the Identity Server. (See Uninstalling the Identity Server in the NetIQ Access Manager 3.2 SP2 IR2 Installation Guide.)

      This is required if the Identity Server is installed on the machine. If you installed the Identity Server before running the amrestore.sh script, you need to uninstall the Identity Server.

    4. Install the Identity Server. (See Installing the NetIQ Identity Server in the NetIQ Access Manager 3.2 SP2 IR2 Installation Guide.)

    5. If you have customized login pages, error pages, messages, or configuration files, copy these files to the Identity Server.

    6. Reassign the Identity Server to the cluster configuration that it was removed from. (See Assigning an Identity Server to a Cluster Configuration in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

    7. Update the Identity Server.

  11. (Conditional) If any devices report certificate errors, you need to re-push the certificates.

    1. Click Auditing > Troubleshooting > Certificates.

    2. Select the store that is reporting errors, then click Re-push certificates.

      You can select multiple stores at the same time.

    3. (Optional) To verify that the re-push of the certificates was successful, click Security > Command Status.

Windows

To perform a restore when a Windows Administration Console and an Identity Server are installed on the same machine:

  1. Log in as the administrator user.

  2. Run the Access Manager Restore utility.

    1. From a command line, change to the utility directory:

      Windows Server 2008: \Program Files (x86)\Novell\bin directory.

    2. Specify amrestore.bat.

    3. Answer the prompts.

  3. Remove the Identity Server from the cluster configuration. (See Removing a Server from a Cluster Configuration in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

  4. Delete the Identity Server from the Administration Console. (See Managing an Identity Server in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

  5. Install the Identity Server on the Administration Console. (See Installing the NetIQ Identity Server in the NetIQ Access Manager 3.2 SP2 IR2 Installation Guide.)

  6. If you have customized login pages, error pages, messages, or configuration files, copy these files to the Identity Server.

  7. Reassign the Identity Server to the cluster configuration that it was removed from. (See Assigning an Identity Server to a Cluster Configuration in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.)

  8. Update the Identity Server.

2.3.3 Restoring the Configuration with an ESP-Enabled SSL VPN Server

Whenever you run the amrestore.sh script, the Administration Console is restored as a standalone Administration Console. You must perform the steps described in Step 10 to restore your ESP-enabled SSL VPN server into the configuration.

  1. Ensure that the .zip file created during the backup process is accessible.

  2. Log in as root.

  3. Change to the /opt/novell/devman/bin directory.

  4. Run the following command:

    ./amrestore.sh

  5. Specify the Access Manager administration user ID.

  6. Specify the Access Manager administration password.

  7. Specify the name of the backup file. Do not include the .zip extension.

  8. Specify the private key encryption password, then press Enter.

  9. Re-specify the private key encryption password, then press Enter.

  10. For the SSL VPN Server, complete the following steps after the restore has finished:

    1. Remove the SSL VPN Server from the cluster configuration.

    2. Delete the SSL VPN Server from the Administration Console.

    3. Uninstall the SSL VPN server.

    4. Install the SSL VPN server.

    5. Reassign the SSL VPN server to the cluster configuration that it was removed from.

    6. Update the SSL VPN server.

  11. (Conditional) If any devices report certificate errors, you need to re-push the certificates.

    1. Click Auditing > Troubleshooting > Certificates.

    2. Select the store that is reporting errors, then click Re-push certificates.

      You can select multiple stores at the same time.

    3. (Optional) To verify that the re-push of the certificates was successful, click Security > Command Status.

NOTE: After running the restore script, check the logs to confirm that no errors occurred while the script was running. The log file location is displayed during the script execution.