search cancel

Identity Portal is down

book

Article ID: 189714

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

In a two node cluster users are unable to access CA Identity Portal
In the Identity Portal server logs the service fails to start due to missing dependencies on one of the nodes.  The Vapp Main logs indicate the following:

[INFO] Waiting for Identity Portal Admin UI to start (timeout=300 seconds)
[ERROR] Failed to Encrypt string. Error 127: 
Key File location=/opt/CA/VirtualAppliance/conf/FIPSkey.dat
encryptString Plain Text: [1
encryptString Encrypted value: {AES}:value
encryptString /opt/CA/VirtualAppliance/scripts/.webapp/Password_Utils/encryptString: line 85: 31m[ERROR]: command not found
encryptString [WARN] Encryption operation returned error #127
startPortalMainConnector [WARN] Identity Portal Admin UI is not up after 300 seconds

Environment

Release : 14.x

Component : IdentityPortal (Virtual Appliance)

Resolution

  1. Compare the FIPSKey.dat file from the working node to the non working node.
  2. If the keys are different copy the FIPSKey.dat file from the working node to the non working node
  3. Reboot the non working server
Shown below the FIPs keys must match

Additional Information

For more information on FIPS please refer to the following link: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/configuring/fips-140-2-compliance.html

Attachments