search cancel

XPSRegClient is Failing with 'Invalid Password'

book

Article ID: 112475

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We are unable to register an Admin UI to a new server added to the environment.  We are certain we are using the correct password for the Siteminder superuser account, but the XPSRegClient command keeps complaining about the password.

Environment

All supported environments

Cause

The Policy Server encryption key was not the same on the new policy server as it was on the other policy servers connected to the same policy store.  This made XPSRegClient believe the password supplied with the command was wrong since the encryption context was wrong.

Resolution

Since the policy servers were on Windows, we were able to copy the Encryptionkey.txt file from one of the existing servers to the new one.  The passwords stored in the Policy Server Management Console were updated after the file was copied.  The Management Console only reads the encryption key as it starts, so the Management Console must be closed and reopened if it was open at the time of the file copy.  After these changes the XPSRegClient command succeeded as expected using the same credentials as earlier attempts.

Additional Information

Please note the Encryptionkey.txt can only be copied from one host to another on Windows platforms.  Unix platforms apply host-specific details to the encryption algorithm and thus cannot share encrypted files.