Setting up Access Manager and Directory Server for Failover.

Similar Messages

• Unable to use SSL between Access Manager and Directory Server

  I am trying to set up Access Manager to use SSL when communicating with Directory Server. Access Manager 7 is running under Sun Web Server 6.1. I have configured Directory Server to use SSL using a Self-Signed CA and have imported the CA certificate into the certificate database for Web Server. When I change the Access Manager configuration as specified in the Admin Guide to use SSL and restart the Web Server, Access Manager fails with the message
  (among many others)
  netscape.ldap.LDAPException: SSL connection to
  eauth1.arc.nasa.gov:636, SSL_ForceHandshake failed: (-8157) Certificate extension not found. (91); Cannot
  connect to the LDAP server
  I am able to connect to the Directory Server instanc with JXplorer using SSL (with a complaint about an unknown CA). Can someone explain the error message so that I can fix the problem or work around it?
  Thanks

  in the initial part of AMConfig.properties, you'll find an entry similar to trustSSLCerts . This, by default, is set to false. Trying setting it to true (AM web server instance will need a restart). This lets AM continue with SSL handshaking inspite of errors. Am not sure if this affects AM to DS connectivity as well. It sure affects AM to AM communication (in a multiple server configuration).
  Naturally, it is not recommended that you use this feature when you are ready for production, but atleast it'll let you be sure that apart from the cert issue, everything else is okay.
  Hope this helps.

• Installing Access Manager and Directory Server

  Can I install the Access Manager 2005Q4 without installing the directory server?
  The products selected for installation have dependency requirements or installation options as indicated below.
  Sun Java(TM) System Directory Server 5 2005Q4
  ------------------------------------------------------------------------

  Everytime I click the Access Manager in the JES 2005Q4installer the directory server would click itself. Unchecking this prompted me for a remote repository which worked.
  I wasn't able to get the install to complete with the state file, it stopped before configuring access manager.

• How to best set up a mail and calendar server for a church

  I am the IT guy for a smaller church of 200 regular attendees.  We want to start hosting our own mail and calendar server.  We bought a mac mini and installed mac os x server.  So far I have enabled the mail, calendar, and contacts sections of the server but we aren't live quite yet (domain is not pointed at the server yet).  My question is, I do not know much about profile manager or open directory, would those benefit me at all?  I do not wish to manage devices, I just want to make the most use out of the computer as a mail server primarily.  I have found some limitations on users and groups where I wish I could do more (such as creating mailing lists that include e-mails that are not hosted from within the server without creating a user that forwards to personal e-mail for every person). 
  Would open directory and/or profile manager add more functionality to the computer as a mail server?
  Thank you

  @camelot
  What is it exactly open directory will give me that I cannot do with the regular software in this regard?  I am not sure what you mean by a signle shared mailbox and calendar.
  @cpragman
  Google apps for business was something I was looking into at one point but decided not to use it.  Once we grow more I can see us moving over to it but with just maybe 5 people tops having a real e-mail address it seems a little overkill.  (I apologize, I omitted that from my original question, i only put in the number of attendees)
  @Lincdavis
  Fortunately I don't care about whether they can create it themselves or not .  And your comment about creating a sharing-only user.  Do you mean for every external e-mail I want in a mailing list, I need to create a user for them (with services disabled) and then change mail options to forward to their personal e-mail? 
  Then go back to groups, create a group that can be e-mailed, and add those users to it? 
  Thanks

• How to change LDAP server setting in Access Manager 6.2

  Hi,
  We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
  /etc/opt/SUNWam/config/AMConfig.properties
  conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
  Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
  Does anybody know what I am missing here?
  Regards,

  After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
  "dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=ser
  vices,dc=company,dc=com" in one of the master DS I have.
  Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
  Hope it helps to someone....
  -Bora

• How to set up a basic file sharing server for my small architectural business?

  I have no idea if I have posted in the correct area as this is my first forum post within the apple support community!
  I have been using a 21.5" imac running 10.6.8 for the past 5 years to run my small home based architectural design business. I have been using the internal hard drive & backing up the necessary data to a simple usb external hard drive. I am now looking to firstly purchase a new imac 27" retina and purchase new autocad lt 2015 for mac software. I am looking to have another imac (my old mac) running in conjunction with the new mac. I want both macs to be able to access the same data and am slightly unsure what is the best way to achieve this.....As my old mac is currently only running snow leopard and an old version of autocad for mac 2011 it wont run on any more recent OS. Essentially i believe I have 2 main options with this.... (1) I Accept that I have to purchase 2 no. autocad lt 2015 licences @ a cost of £2300. Or option (2), I only run autocad on the new mac as this will be the primary station and the old mac used for primarily for admin & accounts. I have also recently discovered that it is possible to rent autocad licences for £300p/a which may also be another option (3)!
  I previously had a problem where my hard drive failed on my mac & lost all data on the internal hard drive, luckily I had been backing up all data regularly to my external hard drive and now loss occurred! Obviously with any new system I want to ensure that my data is safe!
  I currently utilise about 250GB of data for business operations but this will obviously grow with time.
  In the future I would like to have the option of potentially being able to access the network data remotely via macbook pro whilst abroad although at this stage this really isnt my primary objective. Although I believe I could achieve this through apple remote desktop.
  I suppose I should provide some information with regard to the required speed of the system...I regularly open 50-100 photos at the same time totalling around 250-500MB. I would like the system to be able to handle this fairly easily.
  I have been trawling through forums and to be honest they are totally confusing me. I have also spent time on the phone to the apple business team and have also discussed my objectives with a member of the apple team in store.
  There have been various options advised to me and I really do not know which is the most appropriate route forward.
  1 - Using a mac mini as the file server and linking the 2 mac devices to this and backing up the mac mini to an external hard drive to ensure no loss of data.
  2 - Using a time capsule as a file server and linking the 2 mac devices to this and backing up the TC to an external hard drive to ensure no loss of data.
  3 - Using the new mac hard drive and linking the 2 macs via thunderbolt (old mac does not have thunderbolt and so I guess I would need another new mac?!) and then backing up the data to a time capsule.
  4 - Using a RAID based server and linking the 2 no. macs.
  Sorry to ramble but any advice really would be greatly received!

  Hi sblemings,
  Welcome to the community.
  I think with your scenario you should ask yourself, how complicated do you want the setup to be and how much time would you have to be able to resolve an issue should one occur with this setup.
  All the options that have been advised would work but they come with complexity and therefore time.
  1 - Using a mac mini as the file server and linking the 2 mac devices to this and backing up the mac mini to an external hard drive to ensure no loss of data.
  2 - Using a time capsule as a file server and linking the 2 mac devices to this and backing up the TC to an external hard drive to ensure no loss of data.
  3 - Using the new mac hard drive and linking the 2 macs via thunderbolt (old mac does not have thunderbolt and so I guess I would need another new mac?!) and then backing up the data to a time capsule.
  4 - Using a RAID based server and linking the 2 no. macs.
  Sorry to ramble but any advice really would be greatly received!
  option 1
  Would be a way to achieve what you want, it would centralise your files and you would only need to backup your file server (as long as all the files you wanted backed up were on it). This could be achieved either using the client and sharing various folders or using Server which would give you more options than you would possibly need.
  option 2
  This is exactly like option 1 except that you wouldn't have to administer another mac however you may limit any future growth.
  option 3
  This option I probably wouldn't pick, you could achieve this with firewire and use a firewire to thunderbolt adapter (saves you having to buy a new iMac)
  option 4
  This option would, depending on your RAID level, give you disk redundancy but remember you would still need to back this up, as RAID is NOT a backup solution.
  I would also ask is there a pressing need to keep the old iMac in service and complicating things by having a server / NAS? Could you not just transfer all your information over to this and continue with the one backup? I would say that doing it this was would be the simplest way of achieving what you want from what I can take from your question.
  As for remotely accessing your data, if you have the right hardware the way to achieve this would be to use a VPN and connect back to your data. However a potentially easier way for you ,would be to use a service like logmein or teamviewer to connect back.
  Hope this helps, and by all means any questions please ask.
  Dan
  How to set up a basic file sharing server for my small architectural business?

• Can't login System Access Manager and Delegated Administrator page

  Hi.
  Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.
  Do you help me?
  thanks.

  k-m-i wrote:
  Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.Given that you have provided nothing in the way of usable information to isolate the problem I can only suggest restarting your directory server (assuming it hasn't crashed) then restarting the web-container hosting Access Manager and see if that fixes the problem.
  If not, you will have to look further into the web-server logs and the directory server logs to see why the problem is occurring.
  Regards,
  Shane.

• Need help w/ setting up ports to run a server for America's Army

  Need help w/ setting up ports to run a server for America's Army. I read wat u need to change the ports but i dont understand wat to put. here is wat the site says
  Q: How do I run my own server?
  A: Quick and dirty server info:
  1. Edit RunServer.bat to change the map.
  2. Run RunServer.bat
  Or:
  server.exe LAN MAPNAME.aao (Host a LAN game)
  server.exe global MAPNAME.aao (Host a Public game)
  Also: When you create a server setup and want to allow other users to join your server, you need make sure the following ports are open for outgoing and incoming traffic in your firewall: 1716 (UDP), 1717 (UDP), 20025-20045 (TCP), and 20047 (TCP). Failure to open these ports will prevent the server from accepting connections from other players or prevent other players from being able to see your server online.
  There are several settings that also need to be defined in your server configuration INI file (in the Windows version, these files are located in “My Documents\America’s Army Server Settings\{settings file name}.ini”).
  [Engine.GameEngine]
  ServerActors=Andromeda.AndromedaMBS
  [Andromeda.Andromeda]
  GameServerIp=
  Make sure that you set the actual IP address of the America’s Army Server under GameServerIp= (for example, “GameServerIp=000.000.000.000”). The supplied address must be your actual internet IP address, if this is left blank or you supply the IP address for your internal network (such as 192.168.0.x), your server will not be able to accept connections from the internet.
  If your server.ini file contains the setting shown below, please change the QueryPort setting to 20025. This setting can also be removed, as the default setting is port 20025.
  [Andromeda.AndromedaMBS]
  QueryPort=20025
  Punkbuster user fix correction.
  If [Engine.GameEngine] block has been changed to read as below:
  [Engine.GameEngine]
  ServerActors=IPDrv.AndromedaMBS
  Please add the following block to your INI file:
  [IpDrv.AndromedaMBS]
  QueryPort=20025
  (Last Updated: 2006-04-20)

  Your images are not stored in the catalog. They are stored in folders on your computer. If you imported images that were already on your computer using the "Add" Option they are still in that same folder. If you imported images from your camera then they are in the folders that you specified when you imported. The catalog points to those images wherever they are located, and records all of the adjustments that you make to the image. When you send an image to Photoshop for further editing and save that image in Photoshop, it is normally saved back in the same folder as the original image.
  Images are not "saved" in Lightroom. The basic default workflow in Lightroom is to store all of the adjustments in the catalog, leaving the original image completely unmodified. The catalog becomes the central controlling mechanism. It is a database that contains pointers to where the images are located and a record of all adjustments made to those images using Lightroom. Properly managed, you only have those original master files and secondary files for the ones that you have sent to Photoshop for further adjustment. When you want to provide a copy for someone else, you use the export dialogue for that purpose. I often export JPEG images to share with others or to post on the web. After I have usedthe JPEG for its intended purpose I delete it.

• OAM and Directory Server Interaction

  I am in the middle of continued fact finding for implementing OAM. One question that has come up is how does OAM use the directory server it is configured to connect to. We would like to use AD as our authentication source but the word is Hell No if OAM is going to try to write data back into the directory server or store data in the directory server as our AD Admins are mandating that OAM will only be given read only, normal user level rights even if it requires write privileges and directory admin rights to function. I have search the manuals and have yet to find a really good explanation of how it works and uses the Database Schema and Directory Server. I suspect it is read only but I need to know ahead of time so I can make everyone aware that were going to have to run multiple directory systems due to the imposed limitation on AD access.

  Anybody??? I really need help with this....

• Lost connection between ovm-manager and ovm-server (ovm 3.1)

  Hi,
  I have a manager as a VM on my laptop and a physical server as an ovm-server. Everything is fine when i boot the server but after some time, the manager stop to show the information from the server. in the ovs-agent log file the following messages are repeated regulary
  [2013-08-29 13:06:19 6160] DEBUG (notification:289) Trying to connect to manager.
  [2013-08-29 13:06:20 6160] DEBUG (notification:291) Connected to manager.
  [2013-08-29 13:06:20 6160] ERROR (notification:316) No manager Core API server object for 10:60:4b:88:bc:24:10:60:4b:88:bc:25:fe:ff:ff:ff.
  [2013-08-29 13:06:34 6171] ERROR (notification:64) Unable to send notification: (111, 'Connection refused')
  I did not reboot neither the server nor the manager. No IP change. Rebooting the manager has no effect.
  The only way to restore communication is to restart the ovs-agent on the server, but this restart disable the network card. I must be physical on the server to restart the network.
  any help will be very helpful
  best regards
  Jean-Marc

  Hi,
  The are many steps to verify:
  Verify with your firewall on the Oracle VM Manager system (service iptables stop).
  Verify with a ping between OVM Manager and OVM Server using the IP Address and using the hostname for each one (from OVM Manager : ping ovm-server ; and from OVM Server: ping ovm-manager).
  I hope this can help you
  Best Regards

• Change Directory server for Portal Server 6.2

  Hi there,
  I have the following problem with Portal Server 6.2 configuration which hopefully someone here will be able to help me with.
  Basically our current setup is the Sun Portal Server 6.2, ID server 6.1 and Directory server all sitting on one (Solaris 9) box. We now wish to separate the Portal / ID server components and the Directory Server component to separate boxes. In portal server 6.0 i think there was a pssetup tool which allowed configuration of a directory server which populated it with the necessary data for portal and ID server. The directory server we will be installing to will not necessarily be a clean install, i.e. it may already be populated with data.
  Is there some way therefore to re-configure the existing directory server to allow us to point our portal / ID server at it?
  Thanks in advance for any help
  Laurence.

  This can be done. You need to import the portal/identity server's schema into your new directory server and then export your existing directory server's content and import it into the new one.

• Plse...help me on the communicating between CLEAN ACCESS MANAGER and Switch 3560E-24Ps by snmp

  Dear All,
  I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:

  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html

• Any advantages to setting the AP-Manager and Management interface to an untagged vlan?

  Any advantages to setting the AP-Manager and Management interface to an untagged vlan? Currently, our controllers have their management and ap-manager interfaces on the same untagged vlan. Would it be wise to change this? Are there any gotchyas I should be aware of?

  No really, there won't be a problem. Management an AP-manager can be on different vlans.
  The vlan you chose to untag is the vlan you should declare as native on the switch, that's it.
  No advantage in having interfaces configured in a way or another.
  Some people want the management to be in a "management" subnet and the ap-manager will be in the subnet with all the APs. Some others have several AP subnets so the ap-manager is in the same as management ... no importance whatsoever as long as the config is coherent.
  The only thing that is worth considering is the size of AP subnet to me. If you give a /16 for APs and have 1000 APs in a single subnet, ARP and broadcast storms will be hitting the fan. But the vlan tag/untags that you chose are not important
  To rate an answer, click on the stars below it. 1 for not so useful and 5 for very useful.
  Nicolas
  ===
  Don't forget to rate answers that you find useful.

• OLM  oracle learing management and content server

  I want know about OLM oracle learing management and content server.
  how to install content server on a different server ( which set up i need to take and how to install it. ).
  Also how to integrate this content server with Oracle EBS?
  -Sagar

  Hi;
  Please check:
  Note.297108.1 - Oracle iLearning 5.0 Installation Guide
  Note.361958.1 - Oracle iLearning 5.0B Upgrade Considerations
  Note.364670.1 - Oracle iLearning 5.0B Upgrade Guide
  Regard
  Helios

• Installing Iplanet web server and directory server behind a firewall

  When installing iplanet web server and directory server behind a firewall - should the interal ip address be used or the external ip address?

  Hello,
  When you are installing iplanet web server behind a firewall,you should use the internal ip address in the firewall.
  1. The external ip address connection to the Internet. The type of IP address used?dynamic (commonly used for standard
  modems) or static (commonly used for cable modems) is dictated by the ISP to which you connect and the type of service it provides.
  2. The internal ip adress connection. This connection must be a static IP assignment, and it must be assigned by you.
  obviously it depends on the type of firewall setup you have.
  Thanks
  Selva