4.1 Installation and Configuration Issues

4.1.1 Configuration Options for Secure API Manager Are Not Visible in the Administration Console

Issue: The Access Manager Administration Console does not display any options for the API Gateway to configure Secure API Manager. Or, you previously were able to use the configuration options in the Administration Console and the options have disappeared.

Solution: You must install a trial license or full license for Secure API Manager in Access Manager to have the configuration options appear. The trial license is included with Access Manager, but you must install the trial license for the options to appear. After 91 days, the trial license expires and the configuration options no longer appear in the Administration Console unless you purchase and install a full license.

After you purchase Secure API Manager, the full license is available from the Software Licenses and Downloads portal. You must install the full license in the Access Manager Administration Console to have the configuration options appear or reappear.

4.1.2 Cannot Access the Publisher or the Store

Issue: You cannot access the Publisher or the Store appmarks on the user portal page.

Solution: By default, no one is assigned rights to access the Publisher or the Store. You must ensure that the user account on the Identity Server that wants to access the Publisher or the Store contains the proper role assignments that grant access to the Publisher and the Store.

4.1.3 Deleting an Appliance and Reinstalling It with the Same IP Address and DNS Name Causes Issues

Issue: You have deleted the VMware image of the appliance but you did not delete the associated API Gateway object from the Administration Console. You then redeployed another appliance and you use the same IP address and DNS name of the first appliance. The API Gateway is not working as it should. It is not allowing authentications and you cannot access it.

Solution: Delete the API Gateway object from the Administration Console, then delete the appliance from VMware or delete the Docker container. Next, redeploy the appliance or the Docker container and proceed as normal. Access Manager retains the configuration information including certificates of the API Gateway if you do not delete the API Gateway. This causes issues if you redeploy the appliance with the same network configuration as the last time.

4.1.4 Updating the Secure API Manager Components after Changing the Network Configuration on an Appliance Deployment

If you need to change the network setting for an appliance after the deployment, you must change the network settings in the appliance administration console. Plus, you must run a separate system update script to update all of the Secure API Manager components.

Use the following procedures to ensure that all of the Secure API Manager components are aware of the IP address change.

To change an IP address on an appliance deployment:

  1. Complete the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliance in the NetIQ Secure API Manager 2.2 Installation Guide.

  2. Log in to the appliance administration console and change the IP address. For more information, see Configuring Network Settings in the NetIQ Secure API Manager 2.2 Appliance Administration Guide.

  3. Set a password for the vaadmin account or enable SSH to the appliance to be able to SSH to the appliance to run the script. For more information, see Manage Administrative User Access or Enable SSH Access to the Appliance in the NetIQ Secure API Manager 2.2 Appliance Administration Guide.

  4. SSH to the appliance.

  5. Access the directory where the script is located by entering the following command:

    cd /var/opt/microfocus/sapim
  6. To execute the script, enter the following command:

    ./sapim-system-check.sh

4.1.5 Inconsistency After Changing Firewalls and the Access Services in the Docker Deployment

Issue: If you are using the Docker deployment, after changing firewalls, the Access Services, or anything that would impact the iptables in Docker causes inconsistency in these features.

Solution: After you make a change the impacts the Docker iptables, you must restart the Docker service to move the DOCKER-USER rule priority to the top in FORWARD chain. Use the following command to restart the Docker service:

systemctl restart docker

4.1.6 Appliance Not Receiving Updates after an Upgrade

Issue: The appliance is not receiving OS and Secure API Manager through the update channel.

Solution: After you upgrade the Secure API Manager appliance from 2.0 to 2.2, you must register the upgraded appliance with the same activation key that you used to register the 2.0 appliance. If you do not register the updated appliance, you will not receive any updates or patches through the update channel on the appliance.