Endpoint PAMSC 1410-0.1265 - Policy signature problem
search cancel

Endpoint PAMSC 1410-0.1265 - Policy signature problem

book

Article ID: 186787

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction


Trying to deploy policy from PIM 14.0 Server to PAMSC 14.1 Endpoint

But we have problems to deploy Policy :

Here is the message in policyfetcher.log :

10:37:13 AM@Feb 26 2020 - executing deployment "1582709544#09bc559b-5cde-490e-88fd-421d3e60629d"

10:37:13 AM@Feb 26 2020 - ERROR: command "deploy POLICY ("TEST#01") deployment("1582709544#09bc559b-5cde-490e-88fd-421d3e60629d")" returned failures, rv = 36880
10:37:13 AM@Feb 26 2020 - LCA returned ((localhost)
WARNING: Signature of policy: TEST#01 is invalid. The policy cannot be deployed.
Successfully updated HNODE __local__
Policy TEST#01 was successfully deployed.
)
10:37:13 AM@Feb 26 2020 - policy status for "TEST#01" is SigFailed
10:37:13 AM@Feb 26 2020 - deployment status for "1582709544#09bc559b-5cde-490e-88fd-421d3e60629d" is SigFailed
10:37:13 AM@Feb 26 2020 - updating status of DEPLOYMENT "1582709544#09bc559b-5cde-490e-88fd-421d3e60629d"


And if we try to redeploy the policy :

10:41:23 AM@Feb 26 2020 - Deleting local RULESET "TEST#01" - has different signature than DH
10:41:23 AM@Feb 26 2020 - creating RULESET "TEST#01"...
10:41:23 AM@Feb 26 2020 - Deleting local POLICY "TEST#01" - has different signature than DH
10:41:23 AM@Feb 26 2020 - ERROR: command "rmres POLICY ("TEST#01") noexit" returned failures, rv = 36882
10:41:23 AM@Feb 26 2020 - LCA returned ((localhost)
WARNING: The policy: TEST#01 is deployed. The policy cannot be deleted.
ERROR: Failed to fetch data for Object 515
)
10:41:23 AM@Feb 26 2020 - creating POLICY "TEST#01"...
10:41:23 AM@Feb 26 2020 - ERROR: command "newres POLICY ("TEST#01")" returned failures, rv = 10028
10:41:23 AM@Feb 26 2020 - LCA returned ((localhost)
ERROR: Failed to create POLICY TEST#01
Already exists
)
10:41:23 AM@Feb 26 2020 - failed to store DEPLOYMENT "1582709968#49bcdf5c-f734-4a96-b2f5-540a99f1f21c"


If I check the signature :

- in the EM DMS__

AC> sr policy TEST#01 useprops(SIGNATURE)
(DMS__@localhost)
Data for POLICY 'TEST#01'
-----------------------------------------------------------
Signature         : 4548D334033F70C465FF53E891EFD50F5695111B
AC>


- on the local server database

PAMSC> sr policy TEST#01 useprops(SIGNATURE)
(localhost)
Data for POLICY 'TEST#01'
 -----------------------------------------------------------
Signature         : 748821A0AE985A9A7E50DBE754E42454B12A696F5C5015A8EFB9B8D5283C1A326AA44E60A3EE4F89ED345A262FF501171E05D3A6B72FACF885791A7C5DB26778000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PAMSC>


How to avoid this problem ?


 

Environment

Release : 14.0

Component : CA ControlMinder

and endpoint PAM Server Control 14.1

 

Cause

This is because the sh1 and sh2 from the different seos versions

Resolution

WE provided a new fix to customer tha solve the problem     
acpatch-DE449723-14.10.0.1330-_LINUX_X64.zip.

Should be included in last versions.