Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5986
  • Last Modified:

Tomcat/Apache will not start on Netware 6.5 SP5

Hello,

We recently migrated a number of servers to the latest Netware 6.5.  I think I'm having a certificate issue with some of the servers.  New server installs work fine, and "some" of the other migrations also work fine.

However, on at least two servers now, I am not able to get Apache and Tomcat to load.  As such, I cannot use iManager or other web-based products on those particular servers.  

The autoexec has the following entries for these components:
AP2WEBUP
#Apache2 is now the admin server
ADMSRVUP
# tc4admin begin
SEARCH ADD SYS:/tomcat/4/bin
tcadmup.ncf
# tc4admin end
# tomcat4 begin
sys:/tomcat/4/bin/tomcat4.ncf
# tomcat4 end

After executing tcadmup, I can see the server attempt to start it (in the logger screen), but it eventually reads:

"Stopping server Netware Administration Tomcat
java:  Class org.apache.catalina.startup.bootstrap exited with Status 1"

Using the overlay CDs, all products have been reinstalled and it didn't help.  

Any ideas or any other information I can provide?

TIA
0
jfahern
Asked:
jfahern
  • 2
1 Solution
 
ShineOnCommented:
You're wondering about certificates - any indication that's got you pointed in that direction?

Did you re-create the server KMO's after you upgraded the certificate server?  Perhaps that's the issue.  

Have you tried PKIDIAG to see if you have cert problems?
0
 
jfahernAuthor Commented:
ShineOn, thanks much!  Running PKIDIAG in fix mode actually took care of everything on its own!  It looked like two of the certificates were expired.  I'm surprised that would have stopped everything from even loading up?  Anyway, if you're curious, I'll post the original text which led me to certificates.  It tells me to run tckeygen which I have, but it never worked.  Apparently running pkidiag after that resolves the issue.  Thanks again.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tccheck: Tomcat found problems with your security certificate.                  
Please re-export sys:/Public/RootCert.der and then                              
execute sys:/system/tckeygen.ncf                                                
LDAP connectivity not found on ldap://localhost:636                            
Please load NLDAP and then manually execute command: sys:/tomcat/4/bin/startup  
                                                                               
If your server host certificates have change recently, executing                
sys:/system/tckeygen.ncf may be needed to restore secure LDAP                  
connectivity                                                                    
tccheck: Tomcat found problems with your security certificate.                  
Please re-export sys:/Public/RootCert.der and then                              
execute sys:/system/tckeygen.ncf                                                
LDAP connectivity not found on ldap://localhost:636                            
Please load NLDAP and then manually execute command: sys:/tomcat/4/bin/startup  
        -config sys:/adminsrv/conf/admin_tomcat.xml                            
If your server host certificates have change recently, executing                
sys:/system/tckeygen.ncf may be needed to restore secure LDAP                  
connectivity                                                                    
java: Class com.novell.application.tomcat.util.tccheck.LDAPVerifier exited succe
ssfully                                                                        
java: Class com.novell.application.tomcat.util.tccheck.LDAPVerifier exited succe
ssfully  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0
 
ShineOnCommented:
The tckeygen thing was because tomcat/java wants to connect using secure LDAP, and it stores the certificate info separately from the regular certificate store, for some reason.

Since the cert info didn't really change, fixing the KMO's so they weren't expired fixed the problem.

If you had had to delete and re-create your KMO's, you'd probably have had to rerun the tckeygen to register the new cert in tomcat/java, but since the cert just needed renewing, that wasn't necessary.

Glad it's working for you.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now