Upgrading PIM or PAM SC without unloading the kernel module does not work

book

Article ID: 191824

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Starting version 14.0 of PAM SC or PIM, it is possible to upgrade CA ControlMinder or CA PAM Server Control Solaris and Linux endpoints without unloading the kernel module, according to:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-0/release-information/new-and-changed-features.html

Doing the upgrade process with the Native package, the following error is obtained:

rpm -Uvh http://NN/AC/rel/rhel/RHEL-CAeAC-1410-0.1375.x86_64.rpm
Retrieving http://NN/AC/rel/rhel/RHEL-CAeAC-1410-0.1375.x86_64.rpm
Preparing...                          ################################# [100%]
CA Privileged Access Manager Server Control is loaded.
CA Privileged Access Manager Server Control needs to be unloaded first in order for install to complete.
error: %pre(CAeAC-1410-0.1375.x86_64) scriptlet failed, exit status 1
error: CAeAC-1410-0.1375.x86_64: install failed
error: CAeAC-1410-0.1335.x86_64: erase skipped


Environment

CA PAM SERVER CONTROL 14.X

Resolution

To be able to proceed the security daemon must be stopped beforehand and the kernel modules loaded must be marked as inactive

So, before the upgrade it is necessary to run:

secons -s
SEOS_load -u

After these commands, the installation may be attempted and it may come back with a message about the kernel module being still loaded, but installation will continue and the product will be upgraded correctly