Service Categories of Access Gateway Appliance

Service Category

If Not Healthy

Time: Indicates the type of the configuration. Time must be configured so that it remains synchronized with the other servers in the configuration

See Setting the Date and Time.

Gateway: Specifies the type of routing that is configured for the gateway.

See (Access Gateway Appliance) Viewing and Modifying Gateway Settings.

DNS: Specifies whether the domain name server has been configured

Displays the IP address of each configured DNS server and when the server last responded.

See (Access Gateway Appliance) Viewing and Modifying DNS Settings.

Services: Indicates the general health of all configured services.

Displays messages about the health of the reverse proxy, the back end web servers, and internal services (the SOAP back channel and the communication module).

Address: Indicates whether an IP address has been configured for the reverse proxy to listen on. This is required for Access Gateway to function.

See Creating a Proxy Service.

Embedded Service Provider Communication: Indicates whether ESP can communicate with Identity Server.

Restart ESP. If restarting ESP fails, try restarting Tomcat.

L4 and Cache: The L4 status indicates whether Access Gateway is responding to health checks from the L4 switch. The number increments with each health check for which Access Gateway does not send a response.

  • When it reaches 13, the health is changed to yellow.

  • When it reaches 31, the health is changed to red.

If Access Gateway recovers and starts responding, the health turns green after 20 seconds and the unresponsive count is reset to 0.

To fix the problem if it does not resolve itself, restart Access Gateway.

The cache status indicates the current number of delayed cache requests and whether enough memory is available to process new requests.

  • When this number reaches 101, the health is changed to yellow.

  • When this number reaches 151, the health changes to red. To solve the problem, you need to restart Access Gateway.

Restart Access Gateway by entering the following commands:

/etc/init.d/novell-apache2 stop and /etc/init.d/novell-apache2 start OR systemctl stop novell-apache2.serviceandsystemctl start novell-apache2.service

Embedded Service Provider Configuration: Indicates whether Access Gateway has been configured to trust an Identity Server and whether that configuration has been applied.

At least one Identity Server must be configured and set up as a trusted authentication source for Access Gateway.

A green status indicates that a configuration has been applied; it does not indicate that it is a functioning configuration.

See Managing Reverse Proxies and Authentication for information about assigning an Identity Server configuration to Access Gateway.

Configuration Datastore: Indicates whether the configuration datastore is functioning correctly.

Restore the configuration datastore. See Repairing the Configuration Datastore.

Clustering: Indicates whether all the cluster members are active and processing requests.

Restart the cluster members that are not active or remove them from the cluster.

Signing, Encryption and SSL Connector Keys: Indicates whether these keystores contain valid a key.

Click Access Gateways > Edit > Service Provider Certificates and replace any missing or expired keys.

System Incoming and Outgoing HTTP Requests: Appears when throughput is slow. This health check monitors incoming HTTP requests, outgoing HTTP requests on the SOAP back channel, and HTTP proxy requests to cluster members. If one or more requests remain in the queue for over 2 minutes, this health check appears.

Verify that all members of the cluster have sufficient bandwidth to handle requests. If a cluster member is going down, the problem resolves itself as other members of the cluster are informed that the member is down.

If a cluster member is slow because it does’not have enough physical resources (speed or memory) to handle the load, upgrade the hardware.

TCP Listener(s): Indicates whether the listening port for ESP is healthy.

Restart Access Gateway.

Embedded Service Provider’s Trusted Identity Provider: Indicates whether the configuration that Access Gateway trusts has been configured to contain at least one Identity Server.

Modify Identity Server configuration and add an Identity Server. See Assigning an Identity Server to a Cluster Configuration

Configure Access Gateway to trust an Identity Server configuration. See Managing Reverse Proxies and Authentication.

Audit Logging Server: Indicates whether the audit agent is functioning and able to log events to the auditing server.

Auditing must be enabled on Identity Server to activate this health check (click Devices > Identity Servers > Edit > Auditing and Logging).

Check the network connection between Identity Server and the auditing server.

See “Troubleshooting Novell Audit”.