7771764: Which AppManager folders and file should be excluded from virus scanning? (NETIQKB71764)

The following folders and their contents should be excluded from virus scanning:

  • %NetIQAppManagerdb
  • %NetIQAppManagerdat
  • %NetIQTemp
  • %NetIQAppManagerbin

These four directories contain the AppManager log files, PIOC files, binary files and the Local Repository of the agent and are constantly being updated. If these folders are not excluded from Anti-Virus scanning, you may encounter performance issues such as high CPU utilization on the machine.

NOTE: If your Anti-Virus Software performs Active Scanning or Script Scanning, it may interpret nearly everything the NetIQ AppManager Agent for Windows does as a potential threat, as the Agent runs jobs that are purely script-based.

In such a case, the Agent’s Services may experience long delays in starting or loading and/or severe Resource usage (CPU/Memory) as a result of the constant scanning of the Anti-Virus software. Additionally, jobs may take significantly longer then normally necessary to complete a single iteration, as the work being done is being scrutinized by the Anti-Virus software.

If you are seeing issues with the NetIQ AppManager Agent for Windows similar to those described above, and excluding the three directories mentioned in the first part of this Fix does not help, you should either Disable Script Scanning, or you should exclude the entire ..NetIQ directory from Active Scanning or Script Scanning to free the NetIQ AppManager Agent for Windows from being constantly scanned.

Related:

  • No Related Posts

7023367: Unable to Register Windows machines to the PAM server

This document (7023367) is provided subject to the disclaimer at the end of this document.

Environment

Privileged Account Manager 3.2
Privileged Account Manager 3.5

Situation

Unable to register any hosts to the PAM server. The hosts can be Windows or Linux machines. Error seen under the unifid.log on the host machines give the following error.
Thu Sep 20 16:03:12 2018, 964, 13320, 5104, Error, Peer verification error for in-blr-lytsfe1(127.0.0.1) accessing regclnt.getSessionCache

Thu Sep 20 16:03:19 2018, 549, 13320, 5104, Info, Unable to open ‘C:Program FilesNetIQnpumservicelocalrexec
Error, Failed to register with manager 10.138.8.136:29120 500 Unauthorized service registration

Resolution

Check the licenses under the PAM server. When you login to the admin console, click on the user (admin) and select ‘About Framework’. Check the licenses and for more information click on “Show License Summary”.
This should show that the maximum limit has been reached. Upgrade the license and Register the hosts again.

Additional Information

This is a license issue, especially when you notice “Error, Peer verification error” under the host unifid.log

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

7023360: Unable to access resources when using Sophos STAS

This document (7023360) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ eDirectory 8.8.8
Client for Open Enterprise Server 2 SP4
Sophos XG Firewall
Sophos Transparent Authentication Suite (STAS)

Situation

Unable to access Internet resources when authenticating to eDirectory through STAS.

Resolution

Ensure that each eDirectory user object has the UserID (UID) attribute populated. One approach is to use the steps outlined in Cool Solution “Setting Up UIDs in iManager based on CN Values” https://www.novell.com/coolsolutions/feature/18867.html

Cause

STAS relies on the UID being populated.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023355: ‘execstack -c ‘, or link it with ‘-z noexecstack’ message in log files

This document (7023355) is provided subject to the disclaimer at the end of this document.

Environment


eDirectory

Identity Manager

iManager

Situation

Messages in ndsd.log

Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/novell/lib64/libnpkit.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.
NetIQ JClient 2.08.0403-2.8.403. (c) 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/novell/eDirectory/lib64/libdhutilj.so.3.0.500 which might have disabled stack guard. The VM will try to fix the
stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.
Message in Catalina.out
NetIQ JClient 4.00.0130-4.0.130. (c) 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /var/opt/novell/iManager/nps/WEB-INF/bin/linux/libnpkiapi.so which might have disabled stack guard. The VM will try t
o fix the stack guard now.
It’s highly recommended that you fix the library with ‘execstack -c <libfile>’, or link it with ‘-z noexecstack’.

Resolution

Analysis of this message has determined the process isn’t effect and it is cosmetic in nature.

Cause

Messages will be generated when a java process tries to load a native library.

It is been introduced by Oracle after java 1.7 onward.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023354: 783 error trying to start a driver after a non-root install

This document (7023354) is provided subject to the disclaimer at the end of this document.

Environment

Identity Manager 4.7

Situation

783 error when trying to start a driver after installing IDM as anon-root user.

Error is a JVM error.

Resolution

Exit ndstrace, sudo su, and installthe/common/packages/java/netiq-jrex-1.8.0-162.noarch.rpmpackage. Then restarting eDirectory allows vrdim to loadproperly and the driver to start.

Cause

Currently there is a bug where the java files are not installedwhen doing a non-root install.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023331: Error: “No database found in the system !”

This document (7023331) is provided subject to the disclaimer at the end of this document.

Environment

Privileged Account Manager

Situation

The following error appears when visiting the Reporting Console after a recent or brand new install:
No database found in the system !

Resolution

This error means there is no audit data to display since this is likely a recent install and nothing has been audited or captured yet. Once some sessions have been audited, they should then be displayed in the Reporting Console.

Cause

No session audits have taken place in this recent or new install of PAM.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts