A.3 Troubleshooting an Identity Server Import and Installation

A.3.1 The Identity Server Fails to Import into the Administration Console

Check for the following problems if you have installed your Administration Console on one machine and the Identity Server on another machine:

  • Is the firewall enabled on the Administration Console or the Identity Server?

    The firewall needs to have the following ports opened between the machines so that the Identity Server can import into the Administration Console:

    • 8444
    • 1443
    • 1289
    • 524
    • 636

    The Identity Server firewall also needs to have ports 8080 and 8443 open between the server and the clients in order for the clients to log into the Identity Server. For more information about firewalls and ports, see Setting Up Firewalls in the NetIQ Access Manager 3.2 SP3 Setup Guide.

  • Time needs to be synchronized between the two machines. Make sure that both machines have been configured to use a Network Time Protocol server.

  • If firewalls and time synchronization do not solve the problem, run the reimport script. See Section A.3.2, Reimporting the Identity Server for instructions.

A.3.2 Reimporting the Identity Server

  1. Verify that the Administration Console is up by logging into the Administration Console from a Web browser.

  2. Verify that you can communicate with the Administration Console. From the command line of the Identity Server machine, enter a ping command with the IP address of the Administration Console.

    If the ping command is unsuccessful, fix the network communication problem before continuing.

  3. In the Administration Console, delete the Identity Server.

    For more information about how to delete the Identity Server in the Administration Console, see Managing an Identity Server in the NetIQ Access Manager 3.2 SP3 Identity Server Guide.

  4. On the Identity Server machine, change to the jcc directory:

    Linux: /opt/novell/devman/jcc

    Windows: \Program Files\Novell\devman\jcc

  5. Run the reimport script for jcc:

    Linux: ./conf/reimport_nidp.sh jcc

    Windows: conf\reimport_nidp.bat jcc

  6. Run the reimport script for the Administration Console:

    Linux: ./conf/reimport_nidp.sh nidp

    Windows: conf\reimport_nidp.bat nidp <admin>

    Replace <admin> with the name of your administrator for the Administration Console.

  7. If these steps do not work, reinstall the device.

A.3.3 Check the Installation Logs

If the Identity Server fails to install, check the installation logs.

Linux Installation Logs

The installation logs are located in the /tmp/novell_access_manager directory. The following log files should contain useful content. Check them for warning and error messages.

Table A-1 Installation Log Files for the Linux Identity Server

Log File

Description

inst_nids_<date&time>.log

Contains the messages generated for the Identity Server module.

inst_main_<date&time>.log

Contains the Tomcat messages generated during the installation.

inst_jcc_<date&time>.log

Contains the messages generated for the communications module.

inst_audit_<date&time>.log

Contains the messages generated for the Novell auditing components.

inst_devman_<date&time>.log

Contains the messages generated for the interaction between the Identity Server and the Administration Console.

Windows Installation Logs

The installation logs are located in the \Program Files\Novell\Tomcat\webapps \nps\WEB-INF\logs\install directory. The following log files should contain useful content. Check them for warning and error messages.

Table A-2 Installation Log Files for the Windows Identity Server

Log File

Description

basejar_InstallLog.log

Contains the messages generated when installing the Identity Server JAR files.

base_InstallLog.log

Contains the messages generated during the installation of the Identity Server.

nauditjar_InstallLog.log

Contains the messages generated when installing the Novell Audit JAR files.

nauditjar_InstallLog.log

Contains the messages generated for the Novell auditing components.

NIDS_Pluginjar_InstallLog.log

Contains the messages generated when installing the Identity Server plug-in JAR.

NIDS_Plugin_InstallLog.log

Contains the messages for the plug-in component.

NMASjar_InstallLog.log

Contains the messages generated when installing the NMAS JAR files.

NMAS_InstallLog.log

Contains the messages for the NMAS component.