Managing iPrint through iManager does not work on an OES2 SP1 Server (migrated from NetWare)

  • 7002848
  • 27-Mar-2009
  • 13-Feb-2020

Environment

Novell NetWare 5.1
Novell NetWare 6.0
Novell NetWare 6.5
Novell iPrint for Linux Open Enterprise Server Support Pack 1 Print Manager
Novell iPrint for Linux Open Enterprise Server Support Pack 1 Driver Store
Novell iPrint for NetWare
Novell Open Enterprise Server 2 (OES 2)
 

Situation

Managing iPrint through iManager does not work on an OES2 SP1 Server (migrated from NetWare)
 
Any iManager function that involves more than eDirectory access fails. The failure differs depending on the web browser used. In Internet Explorer, for example, an error window reports "Internet Explorer cannot display the webpage". In Mozilla, the iManager error message is "IPP Error: 0x1007".
 
 

Resolution

This error indicates that the connection fails because of an untrusted CA, which points to an issue with the SSL certificate for the server. When checked, the certificate properties show that the certificate was signed by a CA that is different from the CA of the current tree. Generating new certificates for the server based on the current tree CA fixes the problem.

Recreate the certificates for the OES server by following the steps documented in this Micro Focus Cool Solution.

 

Additional Information

Debugging steps:

* enable maximum logging in iManager. The iManager log reports something like the following:
03/27/09 [09:52:13.027] PropertyBook.......1582
java.net.SocketException: Connection reset<BR>IPP Error: 0x1007
03/27/09 [09:52:13.027] PropertyBook.......1582
com.novell.emframe.dev.PageException: java.net.SocketException: Connection resetIPP Error: 0x1007 at com.novell.admin.iPrint.iPrintUtil.processExceptionWithTitle(Unknown Source) at com.novell.admin.iPrint.iPrintUtil.processException(Unknown Source)
 
* given that the iManager server communicates with the iPrint server through https, check the apache2 error log in /var/log/apache2/ on the iPrint server. This reports the following errors:

[Fri Mar 27 15:02:34 2009] [warn] [client 192.168.1.1] [15653] authnz_ldapdn authenticate: Could not open connection to ldap server: [LDAPDN: ldap_simple_bind_s() failed][Can't contact LDAP server] httpd2-worker: extended.c:132: ldap_extended_operation_s: Assertion `ld != ((void *)0)' failed.

[Fri Mar 27 15:02:34 2009] [notice] child pid 15653 exit signal Aborted (6)
[Fri Mar 27 15:02:34 2009] [warn] [client 192.168.1.1] [22483] authnz_ldapdn authenticate: Could not open connection to ldap server: [LDAPDN: ldap_simple_bind_s() failed][Can't contact LDAP server] httpd2-worker: extended.c:132: ldap_extended_operation_s: Assertion `ld != ((void *)0)' failed.
[Fri Mar 27 15:02:35 2009] [notice] child pid 22483 exit signal Aborted (6)

* given that the apache2 log contains ldap errors, use dstrace to debug the ldap traffic while trying to manage iPrint. Instructions for debugging LDAP on eDirectory can be found, for example, in TID10062292.

15:13:08 B6EC8BA0 LDAP: New TLS connection 0xd81e280 from 192.168.1.10:19410, monitor = 0xaa369ba0, index = 4
15:13:08 AA369BA0 LDAP: Monitor 0xaa369ba0 initiating TLS handshake on connection 0xd81e280
15:13:08 B60BABA0 LDAP: DoTLSHandshake on connection 0xd81e280
15:13:08 B60BABA0 LDAP: TLS accept failure 1 on connection 0xd81e280, setting err = -5875. Error stack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca - SSL alert number 48
15:13:08 B60BABA0 LDAP: TLS handshake failed on connection 0xd81e280, err = -5875
15:13:08 B60BABA0 LDAP: BIO ctrl called with unknown cmd 7
15:13:08 B60BABA0 LDAP: Server closing connection 0xd81e280, socket error = -5875
15:13:08 B60BABA0 LDAP: Connection 0xd81e280 closed
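
The following Python script is an added example, not part of the original document or of any Novell tooling. It correlates dstrace LDAP lines like the ones above, joining each TLS accept failure to the client address that opened the connection and naming the TLS alert. It assumes the line format shown in the trace above; the function and field names are illustrative, and the last two sample lines are constructed.

```python
import re

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

NEW_CONN = re.compile(r"New TLS connection (0x[0-9a-f]+) from ([\d.]+):\d+")
TLS_FAIL = re.compile(r"TLS accept failure \d+ on connection (0x[0-9a-f]+), setting "
                      r"err = (-?\d+)\..*SSL routines:(\w+):.*SSL alert number (\d+)")

def tls_failures(lines):
    """Return one record per failed handshake, joined to the client that opened it."""
    peers, failures = {}, []
    for line in lines:
        if m := NEW_CONN.search(line):
            peers[m.group(1)] = m.group(2)      # connection handle -> client IP
        elif m := TLS_FAIL.search(line):
            conn, err, routine, alert = m.groups()
            failures.append({
                "time": line.split()[0],
                "client": peers.get(conn, "unknown"),
                "err": int(err),
                "alert": CERT_ALERTS.get(int(alert), f"alert_{alert}"),
                # An error raised in SSL3_READ_BYTES is an alert received from the
                # peer: the client rejected the certificate the LDAP server presented.
                "alert_from_client": routine == "SSL3_READ_BYTES",
            })
    return failures

# First two lines are from the trace on this page; the last two are constructed.
SAMPLE = """\
15:13:08 B6EC8BA0 LDAP: New TLS connection 0xd81e280 from 192.168.1.10:19410, monitor = 0xaa369ba0, index = 4
15:13:08 B60BABA0 LDAP: TLS accept failure 1 on connection 0xd81e280, setting err = -5875. Error stack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca - SSL alert number 48
15:13:09 B6EC8BA0 LDAP: New TLS connection 0xd81e300 from 192.168.1.20:19411, monitor = 0xaa369ba0, index = 5
15:13:09 B60BABA0 LDAP: Connection 0xd81e300 closed
""".splitlines()

if __name__ == "__main__":
    for failure in tls_failures(SAMPLE):
        print(failure)
```

An `unknown_ca` alert sent by the client means the LDAP client does not trust the CA that signed the certificate presented by the LDAP server, which matches the certificate mismatch described in the Resolution.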