Sun Java Enterprise System 2005Q4 Release Notes

Access Manager Installation

Amconsole home page is not coming up in multinode installations (6291099)

In multinode installations you may find that the Amconsole home page fails to appear. Refer to the solution listed below:

  1. Log in to the realm console of the first instance (for example: <first-node-protocol>://<first-node-fqdn>:<first-node-port>/amserver).

  2. Click on the link corresponding to the default realm.

  3. In the text field for “Realm/DNS Aliases”, enter “<node2-fqdn>” and click Add.

  4. Click Save.

  5. Click on the “Realms” link in the bread crumb above the tabs.

  6. Click on the “Configuration” tab.

  7. Click on the “System Properties” tab.

  8. Click on the “Platform” service tab.

  9. Under “Instance Name”, click the “New...” button.

  10. In the “Server” field, enter “<node2-protocol>://<node2-fqdn>:<node2-port>”.

  11. In the “Instance Name” field, enter an unused number (for example, the number 2).

  12. Click “OK”.

  13. Click “Save”.

Access Manager SDK configuration causes web server startup failure errors (6293225)

Web server startup failures can be attributed to the Access Manager SDK configuration. In the current scenario, the AMConfig.properties file contains the wrong information and causes a series of web server startup failures. The following variables do not have the correct information:

Solution On your node B, where Access Manager SDK is installed with Web Server, modify the <Web_Server_Instance_dir>/config/server.xml file and add the required Access Manager JAR files to the classpath.

Unable to install Access Manager (using CLI) without Directory Server in a multi-node deployment (6305887)

While installing Access Manager, using the CLI, you may not be presented with a dialog box that provides warning information concerning your configuration. This dialog box does not appear while using the CLI.

Solution Use the graphical user interface (GUI) to install Access Manager.

Installer doesn't add platform entry for existing directory install (6202902)

The Java ES Installer does not add a platform entry for an existing directory server installation (DIRECTORY_MODE=2).

Solution Edit the platform service Server List attribute to add the second instance. For example, if the first instance is host1.example.com, it will have an entry such as http://host1.example.com:port|01. If the second instance is on host2 and uses the same Directory Server as host1, use the Access Manager administrator console to add an entry such as http://host2.example.com:port|02.

Installing Access Manager on an existing DIT requires rebuilding Directory Server indexes (6268096)

To improve the search performance, Directory Server has several new indexes. Therefore, after you install Access Manager with an existing directory information tree (DIT), rebuild the Directory Server indexes by running the db2index.pl script. For example:

    # ./db2index.pl -D "cn=Directory Manager" -w password -n userRoot

The db2index.pl script is available in the DS-install-directory/slapd-hostname/ directory.

Access Manager registered portal services are not added to user when created through the Access Manager SDK (6280171)

Solution For every user created through the use of the commadmin command line interface, you will need to register all of the missing services with the Access Manager admin console.

Sub-org creation not possible from one Identity Server by using Identity Server amadmin CLI (5001850)

Solution In both Directory Servers, make sure that nsslapd-lookthroughlimit is set to -1 in the entry cn=config,cn=ldbm database,cn=plugins,cn=config.

Console-only install configuration fails (5047119)

The installer does not configure the web container for a console-only installation on a local server.

Solution Perform a console-only installation in two separate installation sessions:

  1. In the first installation session, perform a “Configure Now” install of the web container (Application Server or Web Server).

  2. In the second installation session, perform a “Configure Later” install of Access Manager Administration Console.

  3. After the second session is finished, change to the Access Manager utilities directory. For example, on Solaris systems:


    # cd AccessManager-base/SUNWam/bin/

    where AccessManager-base is the Access Manager base installation directory.

  4. Copy the amsamplesilent file and specify a new file name.

  5. Edit the copy of the amsamplesilent file to specify the configuration information, including the DEPLOY_LEVEL (2 for console only), CONSOLE_HOST, CONSOLE_PORT, and SERVER_PORT variables.

  6. Run the amconfig script with the edited amsamplesilent file. For example:


    # ./amconfig -s copy-of-amsamplesilent
    

    where copy-of-amsamplesilent is the name of the copy of the amsamplesilent file.

    For more information about the amsamplesilent file and amconfig script, see the Access Manager 2005Q4 Administration Guide.
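
A scripted form of steps 4 to 6, as an added example that is not part of the original release notes or of Access Manager itself. It assumes the silent file holds one KEY=value line per setting; the host name, ports and the file name console-silent are constructed.

```shell
#!/bin/sh
# Added example (not from the release notes): steps 4-5 of the console-only
# procedure. Assumption: amsamplesilent holds one KEY=value line per setting.

# set_var FILE KEY VALUE: rewrite the KEY= line in place, or append it.
set_var() {
    if grep "^$2=" "$1" >/dev/null; then
        sed "s|^$2=.*|$2=$3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        echo "$2=$3" >> "$1"
    fi
}

# make_console_silent SAMPLE COPY CONSOLE_HOST CONSOLE_PORT SERVER_PORT
# The body is a subshell, so umask and exit do not leak into the caller.
make_console_silent() (
    sample=$1 copy=$2 host=$3 cport=$4 sport=$5
    # Validate before touching files; this also keeps sed metacharacters out.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; exit 1 ;;
    esac
    for p in "$cport" "$sport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; exit 1 ;;
        esac
    done
    # Owner-only files: an assumption that the edited copy may hold
    # administrator passwords and should not be world-readable.
    umask 077
    cp "$sample" "$copy" || exit 1                 # step 4
    set_var "$copy" DEPLOY_LEVEL 2 || exit 1       # step 5: 2 = console only
    set_var "$copy" CONSOLE_HOST "$host" || exit 1
    set_var "$copy" CONSOLE_PORT "$cport" || exit 1
    set_var "$copy" SERVER_PORT "$sport" || exit 1
)

# Step 6, run from AccessManager-base/SUNWam/bin/ (host and ports constructed):
#   make_console_silent amsamplesilent console-silent console.example.com 80 80 \
#       && ./amconfig -s console-silent
```

The original amsamplesilent file is left untouched, so the procedure can be repeated from a clean sample.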

pre61to62upgrade script does not handle DB based logging correctly (5042233)

After the Access Manager upgrade process is finished, the upgrade log indicates that the DB based logging was not handled correctly.

Solution None. The current release of the Access Manager upgrade process does not support DB based logging.

Installing Access Manager 2005Q1 With SSL Enabled Directory Server (no Issue ID)

If Directory Server is already installed and has SSL enabled, the installation of Access Manager 2005Q1 will fail. To install Access Manager 2005Q1, first disable SSL for Directory Server. After the Access Manager installation is finished, then re-enable SSL for Directory Server.

Single Quote Not Allowed in Passwords and Root Suffix (no issue ID)

In passwords (such as for amadmin) and the Directory Server root suffix, Access Manager does not support a single quote ('). The backslash (\), however, is supported.

Installation of Access Manager fails if Directory Server 5.1 SP2 implements the Reset Password (4992507)

When you run the Java Enterprise System installer, the installation of Access Manager 2005Q1 fails if Directory Server 5.1 SP2 is configured to require users to change their passwords the first time they log in.

Solution Set the Directory Server password reset policy to “off”.