After having installed SDK and trying to use the SM Test Tool included to do some tests for a custom authentication scheme from the same box.

The host registration was done correctly (using smreghost and generating a SmHost.conf), the following error when trying to connect to the Policy Server, using the SmHost.conf from registration:

  "Cannot obtain host configuration information using specified SmHost.conf file"

The smps.log show the following:

  [25/12/2017][14:29:55][1234][1092][CServer.cpp:2058][CAgentMessageHandler::DoWork][10.0.0.1][63940][New connection attempt from client host]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:1842][GetSecretFunc][Getting current secret for the Agent <agentname>]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:1899][GetSecretFunc][Getting previous secret for the Agent <agentname>]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:1905][GetSecretFunc][Error while fetching previous secret for the Agent <agentname>]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:1948][LogMessage:ERROR: Bad security handshake attempt. Handshake error: 3154]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:1959][LogMessage:ERROR: Handshake error: Shared secret incorrect for this client]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:2121][LogMessage:ERROR: Failed handshake with 10.0.0.1:63940]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:2127][CAgentMessageHandler::DoWork][10.0.0.1][63940][Handshake error with trusted host <agentname> with IP 10.0.0.1 on Port No 63940]
  [25/12/2017][14:29:55][1234][1092][CServer.cpp:3054][CAgentMessageHandler::HandleClose][10.0.0.1][63940][Ending client session #215758]

When testing of the Policy Server SM Test Tool using the same SmHost.conf, it works.

SDK R12.52 SP1

This error happens because the SDK installer does not install automatically any CAPKI libraries which are needed when using the SM Test Tool.

It works in the Policy Server, as this one installs the CAPKI libraries, so this will work on any machine where an installed a component which installs the CAPKI libraries, like the Web Agent or CA Access Gateway (SPS).

The following location can be checked for SDK (1).

To solve this, install the CAPKI (formerly ETPKI) libraries manually by using the installer included in the SDK path:

  <SDK_install_path>/etpki-install       (for 32 bit)
  <SDK_install_path>/etpki-install-64    (for 64 bit)

Here, run the setup tool included as follows:

  setup install caller=smtesttool instdir=<install_path>

Where install_path will be the installation directory for the CAPKI libraries.

Optionally, specify the verbose parameter so some output files will show up to warn when the process is finished, as the setup tool is a silent installer.

For Linux, optionally the following parameter to enable setting environment variables for the specified users:

  env=<none|user|all>    
  none: do not set environment variables (default; it may require root
        privileges depending on the installation directory)
  user: current user only ($HOME/.profile)
  all : all users (for using this, login must be root).
  Note:
  If /etc/profile should not be updated as part of CAPKI installation (with env=all option), then Update_Profile=0 should be set in the environment before the installation of CAPKI.
  
After the command is triggered, a tmp folder is created in the destination path that will appear until the installation finishes.

A log file in the Windows temp folder (%TEMP%/capki_install.log) or for Linux in the /tmp folder (/tmp/capki_install.log).

When finished, for Windows, a restart of the machine is needed so the new registry entries set are loaded.
 

1. Known Issues for the SDK