Troubleshooting iManager 2.0.2 and greater on NetWare 6.5

(Last modified: 22Aug2006)

This document (10090732) is provided subject to the disclaimer at the end of this document.


Troubleshooting iManager 2.0.2 and greater on NetWare 6.5


Novell NetWare 6.5

Novell eDirectory 8.7.3 for All Platforms

Novell iManager 2


Unable to access iManager at https ://ipaddress/nps/iManager.html

Unable to access iManager


For iManager to install and work properly, the following items must be functioning on the server

1.  SSL (Server Certificates)
2.  LDAP over SSL
3.  Tomcat
4.  Apache

For the following information, the server name of "Server1" is assumed and resides in the context O=Novell.

1.  Check for Server Certificates

In ConsoleOne verify the following certificate objects exist in the same context as Server1.
SAS Service - Server1
SSL CertificateIP - Server1
SSL CertificateDNS - Server1

If these objects do not exist, download PKIDIAG.NLM and run PKIDIAG with options 4 then 0 to automatically recreate them.

If these objects do exist, run PKIDIAG.NLM with options 4 then 0 to verify the configuration of these objects.

Note:  PKIDIAG writes to the log file SYS:\ETC\Certserv\REPAIR.LOG   You may check this log file for any unresolved errors.

For testing purposes, you may also attempt to create a new certificate for Server1.  Do this in ConsoleOne by creating a new object of type NDSPKI:Key Material in the same context as Server1 and specifying Server1 as the server for this certificate.  If this is successful then the tree CA (Certificate Authority) is functioning.   Once created, do a validation check on the SSL Certificate created.  In ConsoleOne select the Properties of the objects.  On the Certificate tab select the Validate button to validate the certificate.  Do this for the Trusted Root certificate and Public Key certificate for this object. 

If the creation of a new Certificate fails then there may be tree CA issues that need to be resolved/investigated.

2.  LDAP over SSL

To determine if LDAP over SSL is configured or working, at the server console unload NLDAP.NLM and load NLDAP.NLM.  The modules NTLS.NLM and SASL.NLM should auto load.  If they do not then, LDAP on this server is not configured for SSL.  Even if they do auto load, you still need to verify LDAP over SSL. 

Verify the LDAP server and LDAP group objects exist for Server1

Check the following attributes on the LDAP Server object.
General tab -  LDAP group is configured.
SSL/TLS Configuration tab  - TLS (SSL) port is 636.
Disable SSL port is not checked.
Server Certificate is configured.  (This should be configured with one of the certificates like SSL CertificateDNS.) 
Other tab - Verify the ldapConfigVersion attribute value is 8. (eDirectory 8.7.3)
Other tab - Verify the ldapConfigVersion attribute value is 7. (eDirectory 8.7.1)

Check the following attributes on the LDAP Group object.
Server list tab - The LDAP server object is in the LDAP server list.
Other tab - Make sure the ldapConfigVersion attribute has proper value.For eDir 8.7.1 value should be 7.For eDir value should be 8.
Other tab - Verify the ldapConfigVersion attribute value is 8. (eDirectory 8.7.3)
Other tab - Verify the ldapConfigVersion attribute value is 7. (eDirectory 8.7.1)

Once this configuration is complete, when NLDAP loads it should auto load NTLS and SASL and ports 389 and 636 will show as being bound and listening in TCPCON. 

Verify LDAP is working by following  TID# 10066259 - How to test LDAP over SSL       

To assist in LDAP loading or operation, troubleshooting the following can be done to gather information on what the problem may be. 

Obtaining LDAP log file information from a NetWare server.

Load ConsoleOne and find the LDAP server in the tree you want the log file for.  Right click the object and view the properties.  Click the Screen Options tab.  Select every option except Packet Dump or Decoding.  Click the apply button and close.  Go to the server console and unload / load NLDAP.  This makes sure the trace options are enabled. 
At the server console type the following: 
Unload NLDAP and then load NLDAP


NOTE:  If GWIA loads before NLDAP in the Autoexec.ncf then GWIA's Ldap will take the ldap ports.  In order for iManager to install correctly, NLDAP must load before GWIA in the Autoexec.ncf.

3.  Verify that Tomcat is loading properly 

Troubleshooting Tomcat consists of loading TOMCAT4 and viewing the logger screen for errors.  To stop Tomcat type at the server console  TC4STOP.  Wait about a minute and then type TOMCAT4Tomcat will take two to three minutes to complete loading.  When done the following line should appear on the Logger screen.

INFO: JK2: ajp13 listening on / 

If you do not see the ajp13 listening on port 9010 message, then Tomcat is not loading properly or is still in the process of coming up. 

-Verify that you can ping localhost. At the server console type "ping localhost".  Tomcat looks at several files when initializing and these files reference https ://localhost:636.

-Type JAVA -SHOW at the console screen and you should see at least one if not two instances of tomcat running (org.apache.catalina.startup.Bootstrap)

-Whenever the server certificates have changed, Tomcat will need to have its certificate re-exported. On NetWare 6.5 SP1 the file to re-export the certificate is called TCKEYGEN.NCF, prior to Support Pack 1, TCEDIRINIT.NCF can be used.  When these NCF's are run, they export the SSL certificate to the keystore.  The certificate file is located at SYS:\admsrv\conf\.keystore.  You may want to move the .keystore file out of this directory before entering TCEDIRINT.NCF/TCKEYGEN.NCF to verify a new one is created. 

See TID# 10087091 - Tomcat 4 on NetWare 6.5 will not load for more information on Troubleshooting Tomcat4

4.  Verify that Apache is loading properly 

Verify the Apache Server is running.  On NetWare 6.5 it will show up as a screen labeled "Apache 2.0.4x for NetWare".  You can also go into TCPCON and verify that ports 80 and 443 are listening.  To stop the Apache web server on NetWare 6.5 is AP2WEBDN and then AP2WEBUP

If you get a 404 error when trying to access the /nps/servlet/configure page, most likely the INCLUDE statement for the nps-apache.conf file is missing from the Apache configuration file (SYS:\APACHE2\CONF\HTTPD.CONF)  Verify there is an INCLUDE statement the same as below.  

Include sys:/tomcat/4/conf/nps-Apache.conf

Another reason that you may get a 404 error when trying to access the iManager URL is because there are listen statements in the sys:/adminsrv/conf/adminsrv.conf file:

In this file you will look for the following comment, you must make sure that your IP address are correct in this file, also make sure that in this file your server name is correct throughout the file:

# NetWare Web Manager config starts

Listen ServerIPAddess:2211
SecureListen ServerIPAdress:2200 "SSL CertificateDNS"
#   Listen ServerIPAddress:2200

LoadModule headers_module modules/headers.nlm
Header set Cache-Control: no-cache

<VirtualHost ServerIPAddress:2200>

***Also you must make sure that NILE.NLM is listed in the AUTOEXEC.NCF, if not edit the file to load it there (you can list it after BSTART), then reboot the server.


After verifying the 4 areas above, the server should be prepared to run iManager.  

If a previous iManager install failed, or you are unable to get into iManager after verifing the above, restart the iManager installation using the NetWare 6.5 Products CD or NetWare 6.5SP1a Overlay Prodcuts CD.  

Before starting the install, rename the following files on the server 


If there are issues during the installation, the errors will be captured in these files.


If you would like to view a presentation of this solution you can go to the  iManager TroubleShooting Guide


Document Title: Troubleshooting iManager 2.0.2 and greater on NetWare 6.5
Document ID: 10090732
Solution ID: NOVL95069
Creation Date: 28Jan2004
Modified Date: 22Aug2006
Novell Product Class:Beta
Management Products
Novell eDirectory


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.