3374462: Configure crashkernel memory for kernel core dump analysis

This will make kdump act in a manner similar to the older netdump mechanism: the capture environment will go up to runlevel 3 (where network connectivity is enabled) and will use the secure copy command scp to transfer the kernel core dump to a separate system.

2. for SLES11

add the network device to be used to the variable: KDUMP_NETCONFIG in /etc/sysconfig/kdump.

In order to automatically set up a network device, pass the option “auto”. This is also the default.

For a custom setup, pass a string that contains the network device and the mode (dhcp,static), separated by

a colon, for example: “eth0:static” or “eth1:dhcp”.

If you use “static”, you have to set the IP address with ip=ipspec. ipspec is <client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<proto>

as boot parameter. See mkinitrd(8) for details.

Pass the dumping method and the destination directory to the parameter: KDUMP_SAVEDIR in /etc/sysconfig/kdump

Supported methods are:

FTP, for example “ftp://user:password@host/var/log/dump”

SSH, for example “ssh://user:password@host/var/log/dump”

NFS, for example “nfs://server/export/var/log/dump”

CIFS (SMB) , for example “cifs://user:password@host/share/var/log/dump”

See also: kdump(5) which contains an exact specification for the URL format.


  • No Related Posts

7005894: IDM Remote Loader on Windows 2008 R2 and PWFilter firewall settings

The existing Windows Firewall configuration prevents the remote loader from receiving any password changes as captured by the PWFilter.dll on other Domain Controllers within the domain. To solve this problem, do the following:

On the Windows Server firewall, (required only on the server which hosts the Active Directory Remote Loader) add the following rules:

— Inbound Rules —

Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Allowed Users Allowed Computers.

Rule 1

dirxml port 8090 IN Domain Yes Allow No Any Any Any TCP 8090 Any Any Any

Rule 2

dirxml process dirxml_remote.exe IN Domain Yes Allow No %SystemDrive%NovellRemoteLoaderdirxml_remote.exe Any Any Any Any Any Any Any

NOTE: The port number should be the port number specified on the Remote Loader configuration. So instead of 8090, it will be whatever you specified in the configuration.

No specific Outbound Rules are needed.

The rules can be given any name.

They rules must be assigned to at least the Domain profile.

If using the 64 bit remote loader, the path differs: %SystemDrive%NovellRemoteLoader64bitdirxml_remote.exe

The rules can be also added from the command line using the following commands, modifying the port and path as applicable:

netsh advfirewall netsh advfirewall firewall add rule name="dirxml port 8090" dir=in action=allow enable=yes profile=domain protocol=TCP localport=80
netsh advfirewall firewall add rule name="dirxml process dirxml_remote.exe" dir=in action=allow program="%SystemDrive%NovellRemoteLoaderdirxml_remote.exe" enable=yes profile=domain


  • No Related Posts

7023600: IDM and 2019 Oracle Java Licensing Requirements

Questions and answers:

1. Will Micro Focus release updates for Oracle JDK 8 or JDK 11 for Identity Manager?

Answer: No, Identity Manager will be distributing the Azul Open JDK moving forward. Any improvements, fixes and security concerns will be addressed based on the Azul Open JDK.

2. What if you are using an older version of Java (release prior to January 2019) in Identity Manager? Will you be responsible for any additional license fees?

Answer: No. Only newer updates specific to Oracles JDK that are post January 2019 require and licensing. Further, the vendor that redistributes the Oracle JDK is responsible for the licensing. If you are using a version of Oracle JDK prior to January 2019, no additional licensing is required


  • No Related Posts

7003300: Identity Manager Error: SSL3_GET_RECORD:wrong version number

The connection between the Engine and the Remote Loader must beproperly configured. For all drivers there is a ‘RemoteLoader’ configuration line available in either iManager orDesigner. This line typically includes the followingparameters:


The parameter to configure the SSL between the Remote Loader andthe Engine is then added to the end of this as follows:

hostname=ipAddressOrDNSNameOfServerport=8090 kmo=’Certificate Short Name’

In this example the name of the certificate (an object of class’NDSPKI:Key Material’) associated with the server hosting the IDM(Identity Manager) engine is ‘Certificate Short Name’ and must be wrapped accordinglyin single quotation marks. The full name of the certificateas shown in iManager or ConsoleOne would look something like thefollowing:

Certificate Short Name -serverName

Via LDAP it may have looked like the following:

cn=Certificate Short Name -serverName,dc=servername,dc=server,dc=system

Keep in mind that only the short name of the certificate is used inthe Key Material Object (KMO) parameter within the driver configuration. On theRemote Loader side the exported trusted root certificate from thiscertificate or the self-signed certificate from the tree CA shouldbe imported per the Novell Identity Manager documentation.

If either the name of the certificate is specified incorrectly(lacking quotation marks, for example) or the certificate isspecified on one side of the connection but not the other then thiserror may be the result.
This error has also been seen with a connection timeout type issue. Setting handshaketimeout in the connection parameters has been reported to resolve the issue.


  • No Related Posts