CA Single Sign On Secure Proxy Server (SiteMinder)AXIOMATICS POLICY SERVERCA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
Issue/Introduction
We are currently deploying new SSO servers which will be 12.8. Following the documentation, our next step is to perform "smreg -su <password>" . When we run this step, we get this error message: The super user could not be saved in the policy store: Failed to create the super user account.
This is regarding setting up CA Directory as a CA SSO policy store.
Environment
CA SSO Policy Server 12.8 CA Directory as policy store
Resolution
1) We examined .dxc., .dxi, “.../DXserver/config/limits, etc.” for the DSA
2) Then we stepped through the docops documented procedure.
3) Set up Policy Server detailed profiler.
4) Ran “smreg -tu <password>” command, that provided smtrace pointing to the root object level issue, perhaps not formed correctly.
=====>>> Policy store failed operation 'MultipleSearch' for object type 'Root'
Could something have gone wrong in setting root object for CA Directory, please review the doc link I shared to see if you missed any step there.
[05/17/2018][16:23:00.564][5780][5336][SmObjProvider.cpp:887][Fetching 'Root' object with oid][][][][CSmObjProvider::Fetch][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.566][5780][5336][SmObjProvider.cpp:188][LogMessage:ERROR:[sm-Server-03090] Policy store failed operation 'MultipleSearch' for object type 'Root' . LDAP Error in Root_Fetch for AgentGroups: 32: No such object][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.567][5780][5336][PolicyCache.cpp:1057][LogMessage:ERROR:[sm-Server-03710] Failed to load an object: 0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.568][5780][5336][SmObjStore.cpp:565][LogMessage:ERROR:[sm-Server-05270] Secondary cache build failure.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.569][5780][5336][SmObjStore.cpp:1584][LogMessage:INFO:[sm-Server-00050] Object store initialized][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.570][5780][5336][SmObjProvider.cpp:676][Searching for 'Admin' object with a search key in one domain][][][][CSmObjProvider::Search][][Name : 'siteminder'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.571][5780][5368][SmObjStore.cpp:1205][LogMessage:INFO:[sm-Server-00110] Starting object store journal thread][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.572][5780][5336][SmObjProvider.cpp:676][Searching for 'Admin' object with a search key in one domain][][][][CSmObjProvider::Search][][Name : 'siteminder'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] [05/17/2018][16:23:00.575][5780][5336][SmObjProvider.cpp:188][LogMessage:ERROR:[sm-Server-03090] Policy store failed operation 'Search' for object type 'Admin' . LDAP Error Doing Admin_Search: 32: No such object][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
4) During configuring, and creating the admin LDAP object:
cn=admin ou=Netegrity ou=SiteMinder ou=PolicyuSvr4 <<<=== typo here; it should be PolicySvr4, which is expected by the Policy Server.
5) Corrected as above, and reran "smreg -su <password>", which worked.