Check for the following problems if you have installed your Administration Console on one machine and the Identity Server on another machine:
Is the firewall enabled on the Administration Console or the Identity Server?
The firewall needs to have the following ports opened between the machines so that the Identity Server can import into the Administration Console:
The Identity Server firewall also needs to have ports 8080 and 8443 open between the server and the clients in order for the clients to log into the Identity Server. For more information about firewalls and ports, see Setting Up Firewalls
in the NetIQ Access Manager 3.2 SP3 Setup Guide.
Time needs to be synchronized between the two machines. Make sure that both machines have been configured to use a Network Time Protocol server.
If firewalls and time synchronization do not solve the problem, run the reimport script. See Section A.3.2, Reimporting the Identity Server for instructions.
Verify that the Administration Console is up by logging into the Administration Console from a Web browser.
Verify that you can communicate with the Administration Console. From the command line of the Identity Server machine, enter a ping command with the IP address of the Administration Console.
If the ping command is unsuccessful, fix the network communication problem before continuing.
In the Administration Console, delete the Identity Server.
For more information about how to delete the Identity Server in the Administration Console, see Managing an Identity Server
in the NetIQ Access Manager 3.2 SP3 Identity Server Guide.
On the Identity Server machine, change to the jcc directory:
Linux: /opt/novell/devman/jcc
Windows: \Program Files\Novell\devman\jcc
Run the reimport script for jcc:
Linux: ./conf/reimport_nidp.sh jcc
Windows: conf\reimport_nidp.bat jcc
Run the reimport script for the Administration Console:
Linux: ./conf/reimport_nidp.sh nidp
Windows: conf\reimport_nidp.bat nidp <admin>
Replace <admin> with the name of your administrator for the Administration Console.
If these steps do not work, reinstall the device.
If the Identity Server fails to install, check the installation logs.
The installation logs are located in the /tmp/novell_access_manager directory. The following log files should contain useful content. Check them for warning and error messages.
Table A-1 Installation Log Files for the Linux Identity Server
Log File |
Description |
---|---|
inst_nids_<date&time>.log |
Contains the messages generated for the Identity Server module. |
inst_main_<date&time>.log |
Contains the Tomcat messages generated during the installation. |
inst_jcc_<date&time>.log |
Contains the messages generated for the communications module. |
inst_audit_<date&time>.log |
Contains the messages generated for the Novell auditing components. |
inst_devman_<date&time>.log |
Contains the messages generated for the interaction between the Identity Server and the Administration Console. |
The installation logs are located in the \Program Files\Novell\Tomcat\webapps \nps\WEB-INF\logs\install directory. The following log files should contain useful content. Check them for warning and error messages.
Table A-2 Installation Log Files for the Windows Identity Server
Log File |
Description |
---|---|
basejar_InstallLog.log |
Contains the messages generated when installing the Identity Server JAR files. |
base_InstallLog.log |
Contains the messages generated during the installation of the Identity Server. |
nauditjar_InstallLog.log |
Contains the messages generated when installing the Novell Audit JAR files. |
nauditjar_InstallLog.log |
Contains the messages generated for the Novell auditing components. |
NIDS_Pluginjar_InstallLog.log |
Contains the messages generated when installing the Identity Server plug-in JAR. |
NIDS_Plugin_InstallLog.log |
Contains the messages for the plug-in component. |
NMASjar_InstallLog.log |
Contains the messages generated when installing the NMAS JAR files. |
NMAS_InstallLog.log |
Contains the messages for the NMAS component. |