When running the command smkeyexport, the command fails and reports the following error:
# ./smkeyexport -omykeysexport.txt -d<username> -w<password> -c
Unable to decrypt persistent key with policy store / key store key
Unable to decrypt agent key with policy store / key store key
Unable to decrypt agent key with policy store / key store key
Unable to decrypt agent key with policy store / key store key
Unable to decrypt agent key with policy store / key store key
This is a parallel upgrade. Both environments share the same Encryption Key.
The parallel upgrade to SiteMinder 12.8.03 consisted of the following:
Keys from the Policy Servers were never copied. The only thing copied was the complete Key Store, from the existing Directory Server to the new Directory Server.
Policy Server 12.8SP3 on RedHat 7;
Policy Store on CA Directory 14;
The KeyStoreEncryptionKey attribute in the sm.registry file is empty in the new environment, whereas it has a value in the working environment.
Working environment:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=<value>
KeyStoreEncryptionKey= {RC2}<value>; REG_SZ
Failing environment:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=<value>
KeyStoreEncryptionKey= ; REG_SZ
Manually copy the value of the KeyStoreEncryptionKey key in sm.registry from the working Policy Server to the new one, then restart the Policy Server to resolve the issue.
To modify the KeyStoreEncryptionKey value in the registry without using smconsole, use the XPSConfig command:
SM
Option 71-KeyStoreEncryptionKey
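
A check for the condition described above, as an added example that is not part of the original article or of SiteMinder: it reads KeyStoreEncryptionKey from the ObjectStore section of an sm.registry file, assuming the layout shown above, and reports a SHA-256 fingerprint so the working and new Policy Servers can be compared without displaying the value. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify KeyStoreEncryptionKey in sm.registry before running smkeyexport.
# Assumes the layout shown on this page: a section line, then "Name= value; REG_SZ".

# Print "missing", "empty", or the raw value found in the ObjectStore section.
ksek_raw() {
    awk '
        /^HKEY_LOCAL_MACHINE/ { in_os = ($0 ~ /\\CurrentVersion\\ObjectStore=/); next }
        in_os && /^[ \t]*KeyStoreEncryptionKey[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                    # drop "Name= "
            sub(/[ \t]*;[ \t]*REG_SZ[ \t\r]*$/, "")     # drop "; REG_SZ"
            print ($0 == "" ? "empty" : $0); found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print "missing", "empty", or a SHA-256 fingerprint of the value, so two hosts
# can be compared without echoing the value to a terminal or log.
ksek_fingerprint() {
    v=$(ksek_raw "$1")
    case $v in
        missing|empty) printf '%s\n' "$v" ;;
        *) printf '%s' "$v" | sha256sum | cut -d' ' -f1 ;;
    esac
}

# Return 0 only when both files hold the same non-empty value.
ksek_match() {
    a=$(ksek_fingerprint "$1"); b=$(ksek_fingerprint "$2")
    case $a in missing|empty) return 1 ;; esac
    [ "$a" = "$b" ]
}

# Constructed sample files mirroring the working and failing environments.
write_samples() {
    sec='HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=1'
    printf '%s\n' "$sec" 'KeyStoreEncryptionKey= {RC2}CONSTRUCTED-SAMPLE; REG_SZ' \
        > "$1/working.registry"
    printf '%s\n' "$sec" 'KeyStoreEncryptionKey= ; REG_SZ' > "$1/failing.registry"
}
```

Run ksek_fingerprint against sm.registry on each Policy Server; a result of "empty" on the new server corresponds to the failing environment above, and matching fingerprints confirm the value was copied intact.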