Hi,

This seems to be an issue with iManager, not sure how to fix. The actual problem is that when I use my default iManager server (S-01) to do any sort of certificate management (e.g. View Objects > Browse to and Open "DNS AG S-01 blah" > Select Certificates Tab > Wait for Server 500 error) for one specific server (S-02), there is a long wait and then a 500 error is thrown. On the other hand, if I use iManager on the 'bad' server (S-02) there are no problems.

How did I get into this little mess? Easy, I removed the S-02 server from eDirectory by mistake. I was able to re-add the server back into the tree and everything seemed fine. For example S-02 has iPrint Manager on it and it is fully operational and manageable.

Versions :
"Main" iManager server 'S-01' : OES2018, eDir 9.1, SLES 12 sp2, iManager 3.0.4, Master Replica
"Bad" server 'S-02' : OES2018, eDir 9.1, SLES 12 sp2, iManager 3.0.4, iPrint 3.0.3, no replicas

Things Tried :
1. Removed the SAS and all cert objects from eDirectory. Ran ndsconfig upgrade/reload ds/reload nldap/namconfig -k/reload namd

Things thought about, but not tried :
1. Remove SAS/cert objects and recreate with iManager on S-01. Other steps required?
2. Run the coolsolutions certificate-recreation-script. This seems out of date and is perhaps not to be trusted in my environment. For example the tests it performs use ldapsearch with a now invalid parameter of "-e /path/to/SSCert.der".
3. Ignore it since key services are working and manageable.
4. Re-install iManager on S-01.

Anyone with clues or advice?

Yes! Me! I found and fixed the issue. The issue is that the server has multiple IP addresses on different subnets. The file /etc/opt/novell/eDirectory/conf/nds.conf had n4u entries for the IP address which was NOT the one used for all things eDirectory/LDAP (a private 10.x address used for communication with printers). That private IP was at the head of the list of IPs in the nds.conf file.

The fix? Remove the references to the 10.x IP address, restart eDir, ldap and namcd just to be certain. And now it is all good.

The clue? Seeing this "ndsconfig get n4u.server.interfaces --config-file /etc/opt/novell/eDirectory/conf/nds.conf | grep n4u" in the /var/log/messages file on a server that was throwing the 500 error. Since that command is the first-ish thing done by iManager when checking a cert, I tried it on the "bad" server to see what was being returned and voilà!

Cheers,

Ron
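
The check described in the post above, as an added example that is not part of the original thread: a small shell audit of the n4u interface list that flags the case where an unexpected address heads the list. The `ADDR@PORT` comma-separated line format, the function names and the sample addresses are assumptions; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed nds.conf line format:
#   n4u.server.interfaces=ADDR@PORT,ADDR@PORT

# Print the n4u interface addresses (port stripped), one per line, in file order.
n4u_interfaces() {
    sed -n 's/^[[:space:]]*n4u\.server\.interfaces[[:space:]]*=//p' "$1" |
        tr ',' '\n' | sed -e 's/@.*$//' -e 's/[[:space:]]//g' -e '/^$/d'
}

# check_n4u CONF EXPECTED_IP
#   0 = only the expected address is listed
#   1 = a different address heads the list (the situation described in the post)
#   2 = expected address is first, but other addresses are also listed
#   3 = no n4u.server.interfaces entry found
check_n4u() {
    list=$(n4u_interfaces "$1")
    [ -n "$list" ] || { echo "no n4u.server.interfaces entry in $1"; return 3; }
    first=$(printf '%s\n' "$list" | sed -n '1p')
    if [ "$first" != "$2" ]; then
        echo "first n4u interface is $first, expected $2"
        return 1
    fi
    extra=$(printf '%s\n' "$list" | grep -Fxv -- "$2" | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "additional n4u interfaces listed: $extra"
        return 2
    fi
    echo "n4u interfaces OK: $first"
}

# Constructed sample: a private printer-subnet address listed ahead of the
# address used for eDirectory/LDAP (192.0.2.10 is a documentation address).
sample=$(mktemp)
printf '%s\n' '# constructed sample, not a real nds.conf' \
    'n4u.server.interfaces=10.0.0.5@524,192.0.2.10@524' > "$sample"
check_n4u "$sample" 192.0.2.10 || echo "exit status: $?"
rm -f "$sample"
```

On a real server, point `check_n4u` at a copy of `/etc/opt/novell/eDirectory/conf/nds.conf` and pass the address the server uses for eDirectory/LDAP.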