Monitor ZENworks Services using Java VisualVM from a remote system

Ravish G

Ravish G. explains how to configure Java VisualVM so you can monitor ZENworks Services from a remote system. Java VisualVM allows you to generate and analyze heap dumps, track down memory leaks, browse the platform’s MBeans and perform operations on those MBeans…

+read more

The post Monitor ZENworks Services using Java VisualVM from a remote system appeared first on Cool Solutions. Ravish G

Related:

7023355: ‘execstack -c ‘, or link it with ‘-z noexecstack’ message in log files

This document (7023355) is provided subject to the disclaimer at the end of this document.

Environment


eDirectory

Identity Manager

iManager

Situation

Messages in ndsd.log

Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/novell/lib64/libnpkit.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.
NetIQ JClient 2.08.0403-2.8.403. (c) 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/novell/eDirectory/lib64/libdhutilj.so.3.0.500 which might have disabled stack guard. The VM will try to fix the
stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.
Message in Catalina.out
NetIQ JClient 4.00.0130-4.0.130. (c) 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /var/opt/novell/iManager/nps/WEB-INF/bin/linux/libnpkiapi.so which might have disabled stack guard. The VM will try t
o fix the stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.

Resolution

Analysis of this message has determined the process isn’t effect and it is cosmetic in nature.

Cause

Messages will be generated when a java process tries to load a native library.

It is been introduced by Oracle after java 1.7 onward.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

SEP cloud Portal – cannot Enroll

I need a solution

Hello,

I am having trouble to Enroll the cloud portal. When I click at “Get Started” button, it opens a Windows Explorer window with some JAR files. I have already installed JAVA and the problem is still happening. The screenshot is attached. 

Does anyone have any idea?

Thanks,

Thiago

0

Related:

7016795: History of Issues Resolved for iManager 3.x

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.1.1.1

September 2018

Tomcat 8.5.32

Java 1.8.0_181

FRAMEWORK

– Tomcat updated to 8.5.32 (Bug 1103143) (CVE-2018-8037 CVE-2018-1336 CVE-2018-8034)

OTHER

– Update JRE version to 1.8.0_181 (Bug 1107600) (CVEs in Oracle July 2018 Update Advisory)

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.1.1

June 2018

Tomcat 8.5.30

JRE 1.8.0_172

FRAMEWORK

– Security vulnerability: multiple XSS weaknesses resolved (Bug 1079563/1080897) (CVE-2018-12462)

– Correct querying of latest plugins against those available (Bug 1094292)

OTHER

– Enhancement: RHEL 7.5 now supported (Bug 1093801)

– Login failure events look the same as those that complete (Bug 1080091)

– Installation returns fatal error due to version mismatch on libstdc++ (Bug 1088289)

– Windows installation not installing NICI if VC++ is already on server (Bug 1094012)

– A reinstall returns the SSL port selected is not valid or in use (Bug 1092676)

– Maxiumum version used to prevent duplicate plugins from being shown (Bug 1092674)

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.1

March 2018

Tomcat 8.5.27

JRE 1.8.0_162

FRAMEWORK

– Potential XSS vulnerability closed (Bug 1063334) (CVE-2018-1347)

– 625 error when browsing a NSS directory on a cluster volume in iManager (Bug 1010818)

PLUGINS

– Secure transfer for plugin downloads (Bug 149319/1056490/1056487)

– Error -601 when setting the simple password for a user object having il8n characters in its name (Bug 1039287)

– Partition mgt: unable to add R/W replica when using a different locale (Bug 1003550)

OTHER

– Upgrades: NAudit and XDAS configuration file is getting reset (Bug 1010379)

– HSTS filter has been added in iManager web.xml file to enable Strict-Transport-Security (Bug 1045513) (CVE-2018-1344)

– Localization Fixes (930696/957746/930662/956947/960824/957256/957747/960797/960821/960822/960822/960823/960825/1079576)

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.4

September 2017

Tomcat 8.0.45

JVM 1.8.0_144

NICI 3.0.3

FRAMEWORK

– Enhancement: RHEL 7.4 platform added (Bug 1058665)

– Enhancement: Windows 2016 support added (Bug 1025843)

– Timezone attribute is not interpreted correctly (Bug 1028890)

– Warning message overlapping with the driver name in the Driver Cache Inspector page (Bug 880032)

– “Cannot add empty strings” message when canceling changes (Bug 1034833)

– “Illegal character range near index 110” seen in driver’s status log (Bug 1038076)

– After selecting more than 100-300 objects no task is presented when clicking the button (Bug 1049152)

– Pop is thrown ‘value entered must be between 1 and 365’ after selecting another tab modifying user (Bug 1050586)

– Server redirection not working correctly when downloading plugins (Bug 1050868)

– Cannot uninstall plugins if both iManager Workstation 3.x and 2.77.x are installed on the same workstation (Bug 1053408)

– Object selector not honoring results per page setting (Bug 1042139)

– XSS attack hole closed (Bug 1052480) (CVE-2017-9276: internally found)

OTHER

– Audit: iManager is failing to Connect to Sentinel when Audit Connector is in STRICT mode (Bug 1022794)

– Upgrades left behind old iManager and plugin-base npms (Bug 870414)

– Some plugins could not be uninstalled (Bug 1037836)

– Tomcat updated (Bug 1048460)

– Java update (Bug 1049613)

– NICI updated (Bug 1052693)

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.3.2 (303 Patch 2)

July 2017

Tomcat 8.0.44

JVM 1.8.0_131

FRAMEWORK

– Reflected XSS vulnerabilities (Bug 1038679) (CVE-2017-7425)

– Views: unable to add an IP address restriction to a user object (Bug 1030616)

TOMCAT

– Update Tomcat to 8.0.44 (Bug 1046831) (CVE-2017-5664,CVE-2017-5648,CVE-2017-5647,CVE-2016-8735,CVE-2016-6816)

JVM

– Updated to 1.8.0_131 (Bug 1045911)

____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.3.1 (303 Patch 1)

May 2017

– Potential webshell upload vulnerability (Bug 1027619) (CVE-2017-7432)

– Framework: persistent XSS vulnerability (Bug 1030691) (CVE-2017-7430)

– Object Mgt: vulnerable to persistent XSRF (Bug 1030692) (CVE-2017-7431)

– Tomcat: issue identified in the renegotiation of connection parameters (Bug 1029431) (CVE-2017-7428)

_____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.3

April 2017

NICI: 3.0.2

Tomcat: 8.0.37-1

Java: 1.8.0_112-1

FRAMEWORK

– iManager server cannot connect to Sentinel using the embedded private key. (Bug 1021637) (CVE-2017-5189)

– View objects, search, object, click on object and the Modify Object operation is not seen.. (Bug 1026609)

– Red Hat 7.3 now supported. (Bug 1027056)

Tomcat

– Time delay different between an invalid user and password. (Bug 1017876)

– iManager install log now masks jre default keystore password. (Bug 1023991)

– Nessscan reports in SSL 64-bit Block Size Cipher Suites Supported (SWEET32) in iManager 3.0.2. (Bug 1010732)

OTHER

– iManager updates overwritting the config.xml file. (Bug 1010839)

– Plugin installation: cannot uninstall the password management plugins. (Bug 1020092)

– Cannot install IDM 4.6 plugins on an upgraded iManager setup. (Bug 1022565)

– Configure: upgrade is not preserving configuration leading to Jcache not starting. (Bug 1024529)

_____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.2.1

February 2017

OTHER

– JCE unlimited cipher option jar no longer installed by default for ECDSA384 certificates. (Bug 1023402/1023024)

For more informaton: https://www.netiq.com/documentation/imanager-3/imanager_admin/data/b8qrh89.html#btubnyq

NAUDITXDAS

– iManager failing to connect Sentinel 7.4.2 and above version (Bug 1019789) (CVE-2017-5186)

– iManager is failing to Connect to Sentinel when Audit Connector is in Strict mode (Bug 1024955)

Auditing collectors, platform agents, instrumentation, etc. have been modified to use eDirectory certificates in order to connect to Sentinel servers versioned 7.4.2 and above. The previously used embedded certificate can no longer be used with Java 1.8. This certificate issue has required the modification of the following components. The updated files can be found on the respective product’s patch page.

1019041/987162 – eDir

1021637/1019789 – iMgr

999186/1019573 – PA

10195431011208 – IDM

1021391 – RBPM

1013758 – Naudit connector

_____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.2

November 2016

Tomcat: 8.0.37

Java: 1.8.0_102

PA: PA 2011.1r4 2.0.2-79

FRAMEWORK

– Added support for SLES12 SP2 (Bug 994329)

– Added support for RH 6.8 (Bug 991880)

– Consume Tomcat: 8.0.37 (Bug 997226/1004423)

– Warning message ‘Profile Missing’ pseen when launching iManager Windows Workstation (Bug 939510)

– iManager no longer installs 32-bit NICI packages (Bug 944512)

– Multiple NICI install issues resolved (Bug 966589/994068/994037)

– Getting “Error-634” error message when clicking on “Connections” tab under LDAP options (Bug 966672)

– Consume latest Java: 1.8.0_102 (Bug 995946/1006942)

– iManager displays secondary loopback address on completion (Bug 999237)

– Applying patch 4 to iManager 277 removes groups from novlwww user (Bug 1002179)

– Consume latest PA: 2011.1r4 2.0.2-79 (Bug 1005510)

– iManager uninstall does not cleanly uninstall its components (Bug 984889/986022/1002720)

– Need to mask IDP server backtrace when exceptions occur (Bug 992108)

– Some functions prone to Reflected Cross-Site Scripting attacks (Bug 992110)

– Cross-Site-Request-Forgery-Prevention not Working properly under heavy load (Bug 992111)

– Potential command execution vulnerability resolved (Bug 946043)

Tomcat

– Consume latest Tomcat: 8.0.37 (Bug 1002722)

– Tomcat 8.x vulnerable to CVE-2015-5351

– Nessus scan reports in SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) (Bug 963892) (CVE-2015-4000)

– Process runs from system account (Bug 992106)

OTHER

– Plugin Installation: .htaccess exists and is not restricted on the NAM admin console server (Bug 979235)

_____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0.1

June 2016

Tomcat 8.0.22

NICI: 3.0.1

JAVA: 1.8.0_77

FRAMEWORK

– Improvements made to only display available plugins that are compatible. (Bug 928695/973975)

– Enhancement: IDM support has been added. (Bug 970007)

– Safeguard iManager framework binaries during plugin uninstall process. (Bug 977353)

– iManager patch installer is not creating patch install logs. (Bug 906564)

TOMCAT

– Nessus scan reporting iManager is potentially vulnerable to Clickjacking. (OTG-CLIENT-009) (Bug 963890)

– iManager not listening after rebooting RHEL 7.2 server. (Bug 975678)

JAVA

– Updated to 1.8.0_77. (Bug 973128)

PLUGINS

– Cannot remove dash from phone number. (Bug 972633)

OTHER

– Installation is now prevented if a version of eDirectory lower than 9.0 is present. (Bug 976133)

– Admin Guide has been revised. (Bug 985323)

_____________________________________________________________________________________________________________________

Issues resolved in iManager 3.0 FCS

January 2016

Tomcat 8.0.22

NICI: 3.0

JAVA: 1.8.0_66

OpenLDAP: 2.1.25

FRAMEWORK

– Enhancement: Tomcat 8 support. (Bug 932438)

– Enhancement: Multi-tree support. (Bug 921490)

– Enhancement: TLS 1.2 support. (Bug 922920)

– Enhancement: Suite B support. (Bug 920352)

– Enhancement: UAP support added. (Bug 921046)

– Enhancement: iManager now supports EC certificates and enforces cipher options 128 and 192. (Bug 919946)

– Enhancement: iManager 3.0 now uses NICI 3.0. (Bug 958575)

– Ebaclientinit utility now bundled with iManager so the uap.p12 certificate can be downloaded. (Bug 920328/927784)

– Platforms tested: SLES12 SP1, SLES 11 SP4, SLED 12, OpenSUSE 13.2, Redhat 7.1 and 7.2. (Bug 914251/927929/949916/958468)

– Group plugin throws an error if there are unspecified addresses defined on the LDAP server object. (Bug 923881)

– Windows based iManager using IE 11 browser is not populating tree view objects. (Bug 881861)

– Objects not displaying in the right pane in view objects link. (Bug 902177)

– The platform.xml file is no longer used. (Bug 926495)

– Plugins updated to allow for nesting enhanced nested groups. (Bug 962772)

– Plugins that are not compatible with iManager 3.0 should not display as available. (Bug 928695)

TOMCAT

– Enhancement: standalone iManager now works with 64bit Java 1.8. (Bug 766367/953133)

INSTALL

– Suite B options added to silent install. (Bug 920829/932012)

______________________________________________________________________________________________________________________

Related:

7023342: Installing Retain on a Linux Server That Doesn’t Have Connection to the Internet

This document (7023342) is provided subject to the disclaimer at the end of this document.

Environment

Retain Unified Archiving 4.x+

Situation

How do you install Retain on a Linux server that does not have connection to the internet?

When installing Retain on a Linux server that doesn’t have connection to the internet, it fails when downloading JAVA. Retain is inaccessible.

Resolution

JAVA is one of the main components for Retain to be able to connect to the webserver, and the database in order for Retain to function. JAVA must be manually installed and set in order for Retain to be able to communicate and connect. Follow these steps to manually install JAVA and install Retain without having to connect to the internet.

  1. Download and Install Retain

    Download, copy the Retain install files to the server, and install Retain as normal. It will fail when trying to install JAVA. Even though it may ask for a path the installation will fail. This step is to create the preliminary directory structure for Retain in order to proceed to the next steps.
  2. Create java8 directory

    Create the java8 directory under the /opt/beginfinite/retain directory.

    Assign the java8 directory the correct tomcat ownership: chown -R tomcat:tomcat java8
  3. Download, copy and extract JAVA 8

    Download the JAVA8 tar file for linux and copy it to the server.

    Copy the tar file to the java8 directory.

    Untar the file: tar –xzvf server-jre-8u60-linux-x64.tar. This will create the directory for JAVA that

    Retain will need to connect to the JAVA directory binaries in order to run correctly.
  4. Edit the RetainInstall.sh

    In the Retain Installation directory edit the RetainInstall.sh.

    Look for the line that reads: “CHECKJAVA=`ls $APPDIR/java8/jdk* 2> /dev/null`” and remark it out (add a # to the front of the line. Save the file.
  5. Run the Retain Install again. This will install the rest of Retain, including Tomcat which will be required to hook into JAVA and the WEB Server. This will start tomcat automatically. Stop tomcat: rcretain-tomcat8 stop
  6. The next step is to go to the /etc/opt/beginfinite/retain/tomcat8 directory and edit the j2ee file

    Find the JAVA_HOME and add in the path to the java directory: /opt/beginfinite/retain/java8/jdk1.8.0_162
  7. Start Tomcat (rcretain-tomcat8 start)



    This will allow you to install Retain without having to connect to the internet.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7002609: -783 Unable to load VRDIM at driver startup. -299 error in NDS Trace.

I. After looking at the environment variables and specifically theLD_LIBRARY_PATH variable there was a JAVA based application thatwas installed between reboots.

The installed Java based application caused IDM to lose a referenceto where its own JRE is loaded.

To temporarily fix the issue for a default root-based installationyou can place the following command in the eDirectory startupscript. This puts the IDM related paths in theLD_LIBRARY_PATH without any other paths:

exportLD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib

Running this command will only overwrite thevariable until the server is rebooted. To permanently fix theissue, either remove the other Java-based application or find wherethe application is setting the LD_LIBRARY_PATH (probably in/etc/profile.d directory) and remove or adjust the settings. Some applications do not need to have a path in the LD_LIBRARY_PATHand the normal PATH variable is sufficient.

Another possible resolution would be to removeIDM and reinstall. It seems that when the JAVA applicationwas installed prior to IDM there were no issues; however, that maynot be the case with all applications, just the one that was usedin this particular issue.

If this issue happens on a system with eDirectory 8.7.3.x here are the steps to resolve.

  1. Edit the ndsd startup script (/etc/init./ndsd)
  2. Look for the line LD_LIBRARY_PATH. It should look something like the following: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386:$LD_LIBRARY_PATH
  3. Change the like so that it looks like this: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386
  4. Restart eDirectory and the IDM engine should load.

II. This issue has also been seen on a non-root install of IDM 4.7. This is due to missing Java Runtime Edition not being installed correct. Workaround: sudo su as root and install the following package from the IDM 4.7 installation media. Then restart eDirectory and the driver should load.

rpm -ihv /common/packages/java/netiq-jrex-1.8.0-162.noarch.rpm

Related:

ViPR SRM 4.0: Windows Binary Install – After reboot, event-processing-manager generates errors

Article Number: 493658 Article Version: 2 Article Type: Break Fix



ViPR SRM,ViPR SRM 4.0

After a fresh installation of ViPR SRM in a Windows 2012 binary environment the Event-Processing-Manager was failing to start throwing the following Java stack errors (for each PID of APG services installed):

WARNING — [2016-12-06 13:08:01 EST] — VMUtils::getVmInfos(): JVM ERROR. ID: ‘1212’, NAME: ”. Skipping

java.lang.NoClassDefFoundError: Could not initialize class sun.tools.attach.LinuxVirtualMachine

at sun.tools.attach.LinuxAttachProvider.attachVirtualMachine(LinuxAttachProvider.java:61)

at com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:237)

at com.watch4net.apg.common.jmxutils.VMUtils.getVmInfos(VMUtils.java:59)

at com.watch4net.apg.health.listener.JMXListener$ConnectorConfiguration.lookForNotifiers(JMXListener.java:428)

at com.watch4net.apg.health.listener.JMXListener$ConnectorConfiguration.run(JMXListener.java:412)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

NOTE: you will see entries for each PID that is associated with an APG modules installed on the server, such as Tomcat, Webservice-Gateway, etc. Each server will show a different listing of modules based on the Server type (Frontend, Backend, Collector).

Missing classpath definition in the win-service.properties file

  1. To resolve this issue you will need to log into the Windows server(s) hosting the SRM software. Navigate to the %INSTALL_ROOT%APGEvent-ProcessingEvent-Processing-Manageremc-watch4net-healthconf directory.
  2. Make a copy of the win-service.properties file.
  3. Edit the original file and find the # Java classpath instances and add the following entry: classpath.2=$JAVA_HOME$/lib/tools.jar <– make sure the classpath number is not duplicated
  4. Save the file
  5. Run “manage-modules.cmd update event-processing-manager emc-watch4net-health”

Navigate back to the logs directory of the Event-Processing-Manager and confirm that you are now seeing the JMXListener being successfully created for each APG component that was previously showing errors (PID numbers will be different from the originals):

INFO — [2016-12-20 14:29:12 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :2448

INFO — [2016-12-20 14:29:12 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :3168

INFO — [2016-12-20 14:29:13 PST] — HttpServer::start(): Starting web service server at /127.0.0.1:50589 (http)…

INFO — [2016-12-20 14:29:13 PST] — HttpServer::start(): Writing service identification in C:EMCAPGEvent-ProcessingEvent-Processing-Manageremc-watch4net-health.webservice

INFO — [2016-12-20 14:29:13 PST] — Bootstrap::start(): Processing manager started !

INFO — [2016-12-20 14:29:13 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :5048

INFO — [2016-12-20 14:29:13 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :1068

INFO — [2016-12-20 14:29:13 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :1868

INFO — [2016-12-20 14:29:13 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :2652

INFO — [2016-12-20 14:29:13 PST] — JMXListener$ConnectorConfiguration::lookForNotifiers(): Adding events emitter for com.watch4net.stats:name=EVENTS on :5068

Related: