Installation Issues

• After applying patch 1, /tmp/amsilent file allows read access for all users (6370691)

• On SDK install with container configuration, notification URL is not correct (6327845)

• Access Manager classpath refers to expired JCE 1.2.1 package (6297949)

• Installing Access Manager on an existing DIT requires rebuilding Directory Server indexes (6268096)

• Log and debug directories permissions incorrect for non-root users (6257161)

• Authentication service is not initialized when Access Manager and Directory Server are installed on separate machines (6229897)

• Installer doesn't add platform entry for existing directory install (6202902)

After applying patch 1, /tmp/amsilent file allows read access for all users (6370691)

After you apply patch 1, the /tmp/amsilentfile allows read access for all users.

Workaround: After you apply the patch, reset the permissions for the file to allow read access only by the Access Manager administrator.

On SDK install with container configuration, notification URL is not correct (6327845)

If you perform an SDK installation with the container configuration (DEPLOY_LEVEL=4), the notification URL is not correct.

Workaround:

1. Set the following property in the AMConfig.properties file:

   com.iplanet.am.notification.url=
   protocol://fqdn:port/amserver/servlet/com.iplanet.services.comm.client.
   PLLNotificationServlet

2. Restart Access Manager for the new value to take effect.

Access Manager classpath refers to expired JCE 1.2.1 package (6297949)

The Access Manager classpath refers to Java Cryptography Extension (JCE) 1.2.1 Package (Signing Certificate), which expired on July 27, 2005.

Workaround: None. Although the package reference is in the classpath Access Manager does not use this package.

Installing Access Manager on an existing DIT requires rebuilding Directory Server indexes (6268096)

To improve the search performance, Directory Server has several new indexes.

Workaround: After you install Access Manager with an existing Directory Information Tree (DIT), rebuild the Directory Server indexes by running the db2index.pl script. For example:

# ./db2index.pl -D "cn=Directory Manager" -w password -n userRoot

The db2index.pl script is available in the DS-install-directory/slapd-hostname/ directory.

Log and debug directories permissions incorrect for non-root users (6257161)

When a non-root user is specified in the silent install configuration file, permissions on the debug, logs, and starts directories are not set appropriately.

Workaround: Change the permissions on these directories to allow access for a non-root user.

Authentication service is not initialized when Access Manager and Directory Server are installed on separate machines (6229897)

Although the classpath and other Access Manager web container environment variables are updated during installation, the installation process does not restart the web container. If you try to login to Access Manager after installation before the web container is restarted, the following error is returned:

Authentication Service is not initialized. 
Contact your system administrator.

Workaround: Restart the web container before you login to Access Manager. Directory Server must also be running before you login.

Installer doesn't add platform entry for existing directory install (6202902)

The Java ES Installer does not add a platform entry for an existing directory server installation (DIRECTORY_MODE=2).

Workaround: Add the Realm/DNS aliases and platform server list entries manually. For the steps, see the Adding Additional Instances to the Platform Server List and Realm/DNS Aliases in Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide.