Only the primary version of Administration Console contains the certificate authority. If you uninstall this version, you can no longer use Access Manager for certificate management. You need to promote a secondary console to be the primary console. See Installing Secondary Administration Console in the NetIQ Access Manager 5.0 Administration Guide.
IMPORTANT:If you are uninstalling all Access Manager devices, the primary Administration Console must be the last device you uninstall. The uninstall programs for the other devices contact the primary Administration Console and validate the admin’s credentials before allowing the device to be removed.
Uninstalling Administration Console
Unzip the tar.gz file by using the following command:
tar -xzvf <filename>
Log in as the root user or equivalent.
At the command prompt of the Access Manager directory, enter the following:
./uninstall.sh
IMPORTANT:If SLES 12 SP4 has the latest patches from SUSE update channel, run the systemctl enable ndsd.service command and then choose option 6.
Specify option 6 to uninstall all products or specify Q to quit without uninstalling.
You must use option 6 instead of option 1.
After running the./uninstall.sh script, go to Auditing > Troubleshooting > Other Known Device Manager Servers, then remove the entry for this secondary Administration Console from the servers list.
A log file is created at /tmp/novell_access_manager_uninstall.log.
Remove any traces of the Administration Console replicas from the configuration datastore:
In Administration Console Dashboard, click <user name> at the top right of the page and thenclick Configure Console.
Click Objects.
In the tree view, click novell.
Delete all objects that reference the failed primary Administration Console. You should find the following types of objects:
SAS Service object with the hostname of the failed primary console
An object that starts with the last octet of the IP address of the failed primary console
DNS AG object with the hostname of the failed primary console
DNS IP object with the hostname of the failed primary console
SSL CertificateDNS with the hostname of the failed primary console
SSL CertificateIP with the hostname of the failed primary console
NCP server object
Run the /opt/novell/eDirectory/bin/ndsstat -r command to view the list of available replicas.
If you can still see the replica that you deleted from Other Known Device Manager Servers, then perform the following steps:
Log in to Administration Console as a root user.
Change to the /opt/novell/eDirectory/bin directory.
Run the ndsrepair -P -Ad command.
Select the replica and click View replica ring. Select the name of the replica that is visible and click Remove this server from replica ring.
Specify the DN of the admin user in leading dot notation. For example, .admin.novell.
Specify the password and select I Agree.
If a secondary console fails, you need to remove its configuration from the primary console before installing a new secondary console. If the failed console is part of the configuration, other Access Manager devices try to contact it.
On the primary console, click Troubleshooting.
In Other Known Device Manager Servers, click Remove next to the failed secondary console.
Remove traces of the secondary console from the configuration datastore:
In the Access Manager menu bar, select View Objects.
In the Tree view, select novell.
Delete all objects that reference the failed secondary console.
You should find the following types of objects:
SAS Service object with the hostname of the secondary console
An object that starts with the last octet of the IP address of the secondary console
DNS AG object with the hostname of the secondary console
DNS IP object with the hostname of the secondary console
SSL CertificateDNS with the hostname of the secondary console
SSL CertificateIP with the hostname of the secondary console
Install a new secondary console. See Installing Secondary Administration Console in the NetIQ Access Manager 5.0 Administration Guide.