These release notes contain important information available at the time of the version 5.1 release of iPlanet Console and Administration Server. New features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Parenthetical numbers contained within, or following the topics, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services.
Read this document before you begin using iPlanet Console and Administration Server.
An electronic version of these release notes can be found at the iPlanet documentation web site: http://docs.iplanet.com/docs/manuals/console.htm
iPlanet Console incorporates compression code by the Info-ZIP group. There are no extra charges or costs due to the use of this code, and the original compression sources are freely available from ftp://ftp.freesoftware.com/ on the Internet.
These release notes contain the following sections:
iPlanet Console and Administration Server version 5.1 lets you manage iPlanet software and users in your enterprise. iPlanet Console provides a unified administration interface for servers and applications as well as to user and group entries in an instance of Directory Server. iPlanet Administration Server carries out operation requests from servers and applications. Version 5.1 of iPlanet Console and Administration Server includes a redesigned Access Control Editor and a new security management framework.
iPlanet Console's new Access Control Editor simplifies the process of creating Access Control Instructions (ACIs). You can use the Editor's visual mode to create ACIs through a graphical interface. You can use the Editor's manual mode to edit ACIs by hand. For more information, see the online manual Managing Servers with iPlanet Console located at http://docs.iplanet.com/docs/manuals/console.html.
iPlanet Console and Administration Server's new security management framework includes support for Transport Layer Security (TLS) as well as new wizards for certificate request and installation. For more information, see the online manual located at http://docs.iplanet.com/docs/manuals/console.html.
Complete installation instructions and release notes for Netscape and iPlanet servers are available online at this location: http://docs.iplanet.com.
The following patches are required on Solaris:
To determine if these patches are already installed, on the command line type:
showrev -p |grep <patchnumber>
You cannot install a simplified Chinese version of iPlanet Administration Server 5.1 if your configuration directory is stored on a machine that is not running HP-UX. To install Administration Server that will use a simplified Chinese version, the instance of Directory Server containing your configuration directory must be running on HP-UX, either locally or on a remote machine (401888).
HP-UX for 64-bit architectures
Do not attempt to install iPlanet Console using a double byte Administration domain name. The iPlanet Server Setup program will not work as designed (355492). Installing patch PHSS_15840 will solve this problem. Contact Hewlett-Packard for detailed information on obtaining this patch.
You can save the installation cache when you install iPlanet Console. All the values you specify during installation are saved to a file when you save the installation cache. This file is useful when you want to perform subsequent silent installations. To save the installation cache, navigate to the server root, and then enter setup -k at the command line (339769). For more information on silent installation, see your server's documentation (available at http://docs.iplanet.com).
If you are running the iPlanet Server Products Setup program to install Administration Server and Console binary files that are mounted using NFS, keep the following in mind:
If the default user directory for your administration domain is stored on an instance of Directory Server that is running SSL, you will not be able to install or upgrade iPlanet Administration Server (395410). To work around this problem, follow the appropriate set of instructions:
To Install a New Instance of Administration Server for a Directory Server Using SSL
During Console installation, the setup utility retrieves the domain name from Directory server. If the domain name is a double byte value (eg. Chinese or Japanese character set) it is displayed incorrectly. The correct double byte domain name must be added manually. (521506)
Using Netscape Directory Server 4.0 or Earlier
If your configuration directory is running on Netscape Directory Server 4.0 or earlier, you may receive an "error 14" message when performing Console operations (392925). This is because Console 4.1 and higher require schema updates to the directory. To fix this problem, install the latest version of iPlanet Directory Server.
Using Escape Characters During Installation
Do not use escape characters in domain names during iPlanet Console installation. Using a traditional escaped character (such as \,) when specifying a domain name during installation will cause the iPlanet Server Products Setup program to fail (420089). If you want to use escape characters in your domain names, you may use Console to add them after Console is installed and the domain is created.
This section describes the following known problems and related solutions. Parenthetical numbers contained within, or following the topic, are tracking numbers. Tracking numbers are useful when discussing issues with Technical Support or Professional Services:
When re-starting Administration Server on Unix, the start-up information does not always appear, even though the re-start was successful (4529947).
Must Use a Single CPU System With Linux
admconfig in Console is incompatible with multiprocessor Linux systems. To use Console with Linux you must disable all but one CPU (555831).
Stopping a Secure Server With Admin Express
You cannot stop secure server from Admin Express (4529402).
"Paste From Clipboard" button throws exception in certificate manager on OSF. The workaround is to use the "Copy From File" option above the Paste From Clipboard button (4529367).
All stop methods in Linux fail. Terminating any http processes in Linux is accomplished manually (4528348).
Blank Dialog Box While Using amconfig With SSL Enabled
If you use amconfig with SSL enabled, storing personal certificates in the .mcc directory triggers a blank dialog box, even if client authentication is disabled. Dismiss the blank dialog box by clicking the button in the lower right corner of the dialog box approximately 10 times or until gone (4526841).
Security Issue: Windows NT Allowed IP Addresses
In the Windows NT environment, the default setup allows connections to the Administration Server from any host. If this presents a security concern in your environment, you can use the Administration Server Console to make the access more restrictive. For complete instructions on server access restriction see Managing Servers with iPlanet Console chapter 7 Administration Server Configuration (521519).
If you lose a network connection while iPlanet Console is running, iPlanet Console may become inoperable. Re-establish your network connection, then restart iPlanet Console (106714).
When starting iPlanet Console using some window managers (Enlightenment, WindowMaker, or Gnome), the Login window may be hidden behind the iPlanet Console splash screen, and you will not be able to log in (345545). As a workaround, start iPlanet Console at the command line by entering startconsole -x nologo.
Inputting Asian Characters on HP-UX
If you are entering text into iPlanet Console, Asian characters (Japanese, Chinese, or Korean) may appear as empty boxes (393006). To fix this problem, install the required TrueType fonts for the language you need on your system, and then set the JAVA_FONTS environment variable to the location of these fonts.
You may also want to contact Hewlett Packard about an updated Java Runtime Environment (JRE).
When inputting Asian characters, the Input Method Editor (IME) may fail to work properly (401880). To fix this problem, install the following patches (available from the HP web site):
Asian Characters in Search Results
When iPlanet Console returns user and group search results, Asian characters (Japanese, Chinese, or Korean) may appear as empty boxes (401889). To fix this problem, change your font settings. To do this:
Your font choices are preserved as part of your Console user preferences.
For more information on changing Console fonts, see Chapter 3 of the iPlanet Console Server Management Guide (available online at http://docs.iplanet.com/docs/manuals/console.html).
If you are running Windows NT, Netscape Directory Server may start up after iPlanet Administration Server. If this happens, Administration Server will not be able to retrieve configuration information from the directory. To solve the problem, restart iPlanet Administration Server from the Windows NT Services Control Panel (394281).
If you are running iPlanet Console on a remote Unix server, fonts may look awkward, resulting in clipped UI text. To fix this problem, adjust font settings through the Preferences dialog box under the Edit menu in Console (336626).
If clicking a Help button does not open your web browser, displaying help, try reinstalling your web browser software (399626) (524985).
Proxied Administration Not Supported
iPlanet Console 5.1 does not support proxied administration.
Do not use a period (.) in server instance names. If you use a period in a server instance name, iPlanet Console will not recognize the server instance.
For example, the server instance msg.siroe.com is not acceptable; msg-siroe-com is acceptable (311490).
When the default language requires a user ID in a form other than the default (the user's first initial followed by the user's last name), you must manually override the nsuserformat attribute in the configuration directory (117507). To manually override the nsuseridformat attribute:
When creating a new user or editing a user's personal data, do not use 8-bit characters in the First Name and Last Name fields. If you use 8-bit characters in the First Name or Last Name fields, the user ID is not automatically generated for you. Instead, use ASCII characters to enter the user's personal data (117507).
If the host computer for a server registered in the configuration directory is experiencing network problems, there could be a long delay when the Administration Express page tries to contact the server and create a status page (355354). To improve Administration Express performance, do the following:
After installing iPlanet Console and Administration Server 5.1, if you enable SSL on Netscape Directory Server 4.x, the directory server won't start. You will see the following message in the error log:
"Failed to set SSL cipher preference information: unknown cipher tls_rsa_export1024_with_rc4_56_sha!"
This message is generated because Console 5.1 includes two additional cipher suites that Directory Server 4.x does not recognize.
To work around this problem, do the following with encryption enabled and the directory not running:
Edit the dse.ldif file located in </server_root> /slapd-serverName/config/ as follows:
Once you have modified dse.ldif, you can disable and enable encryption for Directory Server by manually modifying the "security on/off" setting in slapd.conf. If you use Console to change your encryption settings or disable and then re-enable encryption, you will have to edit dse.ldif again.
Installing a Fortezza PKCS #11 Module on Windows NT
If the Fortezza PKCS #11 module you want to install is a Dynamic Link Library file (or shared library) and not a JAR file, do not use the "Configure Security Modules" dialog box in iPlanet Console. If you use iPlanet Console's graphical interface, you will not be able to activate Fortezza ciphers. Instead, use the modutil command line utility located at </server_root> /shared/bin/modutil.
To install a Fortezza PKCS #11 Module DLL File:
For example, if you are installing a Litronic token, you would enter: </server_root> /shared/bin/modutil -dbdir . -add CryptOS -libfile core32
For detailed information about modutil, see the iPlanet Console Server Management Guide.
Automatically Starting an SSL-Enabled Instance of Administration Server
To start an SSL-enabled instance of Administration Server without manually entering a password, do the following:
If the instance of Administration Server that you want to log in to is running SSL, you cannot use the -g option to start Console using green threads (400746).
Changing Configuration Directory Server Information
If you want to change the port number of the Configuration Directory Server used by your Administration Server, you can use either the following GUI or CLI instructions (391575)(391363):
Next, change the Administration Server LDAP port with the following steps:
To change the Administration Server LDAP port from the command, use the following instructions:
Open /admin-serv/config/adm.conf and change LDAP port to the new Configuration Directory Server port number.
Open /shared/config/dbswitch.conf and change the directory default URL to reflect the new port number.
These two procedures do not change the default URL for users and groups. To change the User Directory host name or port number for a domain, do the following:
All server instances in the administration domain will now use the new host name and port by default. If you want the instances in a particular server group to use a different User Directory Server, change the User DS settings for the server group's Administration Server.
Server Class Instantiate Error
Terminating the Console Java application while the class download for a server is in progress may
may leave the server class files in an inconsistent state. In this event, future attempts to access the particular server instance fail producing the error message: Server Class Instantiate Error. The following steps are needed to eliminate the error: (518823)
If the login window for iPlanet Console appears in the top corner of the screen, making the fields inaccessible, right click the border of the login window and select Move from the menu that appears. Drag the login window to the desired location. If this is not possible, then remove the file $HOME/.mcc/Console.4.0.Login.preferences (521500).
Internet Explorer Client Authentication
Initial setup of the iPlanet Console and Administration Server client authentication feature requires the use of Netscape Communicator to create the key3.db and cert7.db files needed for authentication. (522151)
You must type more than one character in each field of the Certificate Request form in the Certificate Set Up Wizard. If a certificate is installed that does not conform to this instruction when generated, iPlanet Console and Administration Server will display the error message: InvalidNicknameException. (520956)
Viewing Administration Express Online Help
Online help for Administration Express in the Netscape Navigator browser opens near the end of the help contents. Online help for Administration Express in the Internet Explorer browser opens near the beginning of the help contents. Users must scroll to view the desired help topic. (521601)
Multiple Email Addresses Appearing Using Console 5.1 with Netscape Directory Server 4.x
Using the Advance Property Editor through Console 5.1 to Netscape Directory Server 4.x, causes duplication of the email text field content in the User Panel. This is caused by opening the Advance Property Editor and clicking OK, whether or not any modification takes place. If you click Cancel, no duplication occurs. To remove duplicate addresses, highlight and delete the duplicate entries in the Edit Entries window and click OK (485161).
If you wish to configure your Administration Server use a SSL-enabled Directory Server, do not enable SSL for Administration Server and specify an SSL-enabled Directory Server in the same session. After enabling SSL for Administration Server, you must restart, then specify an SSL-enabled Directory Server (532351).
Console will not start if the LC_CTYPE shell variable is set in Solaris 2.6. To prevent the problem unset LC_CTYPE (533533).
If you have problems with iPlanet Product_Name, contact iPlanet customer support using one of the following mechanisms:
So that we can best assist you in resolving problems, please have the following information available when you contact support:
Useful iPlanet information can be found at the following Internet locations:
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Java, iPlanet, and all Sun, Java, and iPlanet based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.
Last Updated November 29, 2001