search cancel

Error: Unable to locate parent for in Policy Server XPSExport failing

book

Article ID: 203542

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

When running the XPSExport command to export all Policy Store data, this command reports errors and the backup fails with these log lines:

    [768/140003288319808][Tue Oct 20 2020 09:24:46][Manifest.cpp:797][LoadClass][WARN][sm-xpsxps-04960] Unable to locate parent for "CA.SM::[email protected](Workflow.Properties)". Skipping.
    [768/140003288319808][Tue Oct 20 2020 09:24:47][EmitterR12.cpp:2162][OutputObjectsV1][FATAL][sm-xpsxps-05100] Unable to read attribute CA.SM::IMSEnvironment.AdditionalPropertiesLink[0] of object CA.SM::[email protected](IAM Customers Test)
    [768/140003288319808][Tue Oct 20 2020 09:24:47][XPSExport.cpp:1006][XPSExport][FATAL][sm-xpsxps-04840] Backup failed.

 

Environment

 

  Policy Server 12.8SP2 on Linux;

 

Cause

These objects can't be seen in AdminUI because they are incomplete. The corruption may come from a former upgrade or problem by creating or modifying the object. If an outage occurs on the Policy Server and Policy Store during data creation or modification, corruption might occur.

To avoid any corruption, you do need to check Policy Store data consistencies with XPSSweeper before any upgrade of the Policy Server.

To have the details about the corruption, get a report from the XPSSweeper command:

From the Policy Server machine, run the command:

  # XPSSweeper -a -changeset mychangesetfile.txt -report myreportfile.txt -vT

and review the myreportfile.txt along with the XPSSweeper.log.

XPSSweeper detects an amount of data corruption, for which there's no automatic way to correct them:

XPSSweeper.log

  [16948/140049535108928][Wed Oct 21 2020 13:28:06][XPSIO.cpp:521][InitialLoad][INFO][sm-xpsxps-00310] 6987 object(s) loaded from the Policy Store.
  [16948/140049535108928][Wed Oct 21 2020 13:28:07][Sweeper.cpp:1257][Sweeper][INFO][sm-xpsxps-04500] Starting Sweep.
  [16948/140049535108928][Wed Oct 21 2020 13:28:07][Sweeper.cpp:1328][Sweeper][INFO][sm-xpsxps-04500] Starting Sweep. (Validation.)

  [...]

  [16948/140049535108928][Wed Oct 21 2020 13:28:09][DoRepair.cpp:173][initRepairContext][INFO][SM-REPAIR-01015] Error count: 96, Number of errors for which Repair Modules are available: 0, Number of errors for which Repair Modules are not available: 96.

  [...]

  [16948/140049535108928][Wed Oct 21 2020 13:28:09][DoRepair.cpp:170][initRepairContext][INFO][SM-REPAIR-01011] Repair Module not available for error [sm-xpsxps-03250].
  [16948/140049535108928][Wed Oct 21 2020 13:28:09][XPS.cpp:830][Shutdown][INFO][sm-xpsxps-00240] XPS Shutdown Complete.

The myreportfile.txt gives the listing of all objects concerned by data problem and it gives indications on how to fix them. Do a review of them and try to group them by the type of issue for each one.

To illustrate :

myreportfile.txt :

1. (Name not unique)

  8 objects have the same name and names should be uniques (1):

  Name : CONTAINER

    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : DIRECTORY_SERVER_STICKINESS

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : LDAP_CONNECTION_SETTINGS

    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : REPLICATION_WAIT_TIME

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : SELF_SUBSCRIBING_BEHAVIOR

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : SETTINGS

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : dirMinSortRules

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

  Name : paging

    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]
    CA.SM::[email protected]

2. (Required parent missing)

  96 errors detected (2)

    1) CA.SM::[email protected]
    Object Name: audit.event.ALL.1010

    2) CA.SM::[email protected]
    Object Name: audit.event.ALL.2

    3) CA.SM::[email protected]
    Object Name: audit.event.ALL.3

    4) CA.SM::[email protected]
    Object Name: audit.event.ALL.5

    5) CA.SM::[email protected]
    Object Name: audit.event.ALL.7

    6) CA.SM::[email protected]
    Object Name: audit.event.ALL

    7) CA.SM::[email protected]
    Object Name: audit.event.Login

    8) CA.SM::[email protected]
    Object Name: audit.event.Logout

    9) CA.SM::[email protected]
    Object Name: audit.event.RuntimeStatusDetail

    10) CA.SM::[email protected]
    Object Name: audit

    11) CA.SM::[email protected]
    Object Name: CONTAINER

    12) CA.SM::[email protected]
    Object Name: CONTAINER

    13) CA.SM::[email protected]
    Object Name: DIRECTORY_SERVER_STICKINESS

    14) CA.SM::[email protected]
    Object Name: DIRECTORY_SERVER_STICKINESS

    15) CA.SM::[email protected]
    Object Name: DIRECTORY_SERVER_STICKINESS

    16) CA.SM::[email protected]
    Object Name: dirMinSortRules

    17) CA.SM::[email protected]
    Object Name: dirMinSortRules

    18) CA.SM::[email protected]
    Object Name: dirMinSortRules

    19) CA.SM::[email protected]
    Object Name: dirMinSortRules

    20) CA.SM::[email protected]
    Object Name: dirMinSortRules

    21) CA.SM::[email protected]
    Object Name: email_notification_rule.ADMIN

    22) CA.SM::[email protected]
    Object Name: email_notification_rule.USER

    23) CA.SM::[email protected]
    Object Name: email_notification_rule.USER_MANAGER

    24) CA.SM::[email protected]
    Object Name: email_notification_rules

    25) CA.SM::[email protected]
    Object Name: email_provider_service.enabled_events

    26) CA.SM::[email protected]
    Object Name: email_provider_service.enabled_tasks

    27) CA.SM::[email protected]
    Object Name: email_provider_service

    28) CA.SM::[email protected]
    Object Name: envsettings

    29) CA.SM::[email protected]
    Object Name: identityPolicies

    30) CA.SM::[email protected]
    Object Name: LDAP_CONNECTION_SETTINGS

    31) CA.SM::[email protected]
    Object Name: LDAP_CONNECTION_SETTINGS

    32) CA.SM::[email protected]
    Object Name: listener.Certify Role Event Listener

    33) CA.SM::[email protected]
    Object Name: listener.DefaultWorkflowMapper

    34) CA.SM::[email protected]
    Object Name: listeners

    35) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPasswordHandler.logicalattrs

    36) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPasswordHandler.physicalattrs

    37) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPasswordHandler

    38) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPinHandler.logicalattrs

    39) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPinHandler.physicalattrs

    40) CA.SM::[email protected]
    Object Name: logical_attribute.ConfirmPinHandler

    41) CA.SM::[email protected]
    Object Name: logical_attribute.EnableUserHandler.logicalattrs

    42) CA.SM::[email protected]
    Object Name: logical_attribute.EnableUserHandler.physicalattrs

    43) CA.SM::[email protected]
    Object Name: logical_attribute.EnableUserHandler

    44) CA.SM::[email protected]
    Object Name: logical_attribute.ForcePasswordResetHandler.logicalattrs

    45) CA.SM::[email protected]
    Object Name: logical_attribute.ForcePasswordResetHandler.physicalattrs

    46) CA.SM::[email protected]
    Object Name: logical_attribute.ForcePasswordResetHandler

    47) CA.SM::[email protected]
    Object Name: logical_attribute.ForgottenPasswordHandler.logicalattrs

    48) CA.SM::[email protected]
    Object Name: logical_attribute.ForgottenPasswordHandler.physicalattrs

    49) CA.SM::[email protected]
    Object Name: logical_attribute.ForgottenPasswordHandler

    50) CA.SM::[email protected]
    Object Name: logical_attribute.SelfregOrgSelect

    51) CA.SM::[email protected]
    Object Name: logical_attribute.SelfSubscribingHandler.logicalattrs

    52) CA.SM::[email protected]
    Object Name: logical_attribute.SelfSubscribingHandler.physicalattrs

    53) CA.SM::[email protected]
    Object Name: logical_attribute.SelfSubscribingHandler

    54) CA.SM::[email protected]
    Object Name: logical_attribute.VerifyPasswordHandler.logicalattrs

    55) CA.SM::[email protected]
    Object Name: logical_attribute.VerifyPasswordHandler

    56) CA.SM::[email protected]
    Object Name: logical_attributes

    57) CA.SM::[email protected]
    Object Name: misc

    58) CA.SM::[email protected]
    Object Name: paging

    59) CA.SM::[email protected]
    Object Name: paging

    60) CA.SM::[email protected]
    Object Name: paging

    61) CA.SM::[email protected]
    Object Name: paging

    62) CA.SM::[email protected]
    Object Name: paging

    63) CA.SM::[email protected]
    Object Name: paging

    64) CA.SM::[email protected]
    Object Name: provision.outbound

    65) CA.SM::[email protected]
    Object Name: provision

    66) CA.SM::[email protected]
    Object Name: RECOMPILE_VERSION

    67) CA.SM::[email protected]
    Object Name: REPLICATION_WAIT_TIME

    68) CA.SM::[email protected]
    Object Name: REPLICATION_WAIT_TIME

    69) CA.SM::[email protected]
    Object Name: REPLICATION_WAIT_TIME

    70) CA.SM::[email protected]
    Object Name: roledef_packages

    71) CA.SM::[email protected]
    Object Name: SELF_SUBSCRIBING_BEHAVIOR

    72) CA.SM::[email protected]
    Object Name: SELF_SUBSCRIBING_BEHAVIOR

    73) CA.SM::[email protected]
    Object Name: SELF_SUBSCRIBING_BEHAVIOR

    74) CA.SM::[email protected]
    Object Name: SETTINGS

    75) CA.SM::[email protected]
    Object Name: SETTINGS

    76) CA.SM::[email protected]
    Object Name: SETTINGS

    77) CA.SM::[email protected]
    Object Name: SETTINGS

    78) CA.SM::[email protected]
    Object Name: SETTINGS

    79) CA.SM::[email protected]
    Object Name: taskHandler.BlthCheckForDuplicates

    80) CA.SM::[email protected]
    Object Name: taskHandler.BlthPasswordServices

    81) CA.SM::[email protected]
    Object Name: taskHandler.Check for Preventative Identity Policy

    82) CA.SM::[email protected]
    Object Name: taskHandler.Check for Rename Provisioning Role

    83) CA.SM::[email protected]
    Object Name: taskHandler.Check for Service or User Deletion BLTH

    84) CA.SM::[email protected]
    Object Name: taskHandler.Perform Analytics for Bulk Loader Task

    85) CA.SM::[email protected]
    Object Name: taskHandler.Provisioning Role Handler

    86) CA.SM::[email protected]
    Object Name: taskHandler.PX listener

    87) CA.SM::[email protected]
    Object Name: taskHandlers

    88) CA.SM::[email protected]
    Object Name: Theme

    89) CA.SM::[email protected]
    Object Name: userconsole

    90) CA.SM::[email protected]
    Object Name: webservice

    91) CA.SM::[email protected]
    Object Name: Workflow.Properties

    92) CA.SM::[email protected]
    Object Name: workflow

    93) CA.SM::[email protected]
    Object Name: workflow_delegation

    94) CA.SM::[email protected]
    Object Name: workflow_Participant_resolver.CertifyRoleParticipantResolver

    95) CA.SM::[email protected]
    Object Name: workflow_Participant_resolvers

3. (has an attribute named "" that points to an object of type '' that does not exist) (3)

    96) [sm-xpsxps-03491] IMSEnvironment[Test] has an attribute named 'AdditionalPropertiesLink' that points to an object of type 'IMSAdditionalPropertiesSet' that does not exist. (The unique ID of the IMSAdditionalPropertiesSet object being pointed to CA.SM::[email protected]2ds)

        Object ID: CA.SM::[email protected]
        Object Name: Test
        Object Path: IMSEnvironment[Test]

 In CA.SM::[email protected], there's a property linked to unexisting object CA.SM::[email protected]2ds

 

Resolution

 

Take a backup of the Policy Store data or clone the Policy Store instance to another one;

Modify the Policy Store data running XPSExplorer:

  - From the list 

  1. (Name not unique)

    Ensure that all names are unique, by renaming each of them accordingly;
     
  2. (Required parent missing)

    Check each object to insure no object in the Policy Store refer to them;
    Remove them from the Policy Store as orphan objects;
  3. (has an attribute named "" that points to an object of type '' that does not exist)

    Go to the object CA.SM::[email protected], find the property linked to unexisting object CA.SM::[email protected]2ds and modify the property data to link it to an existing object, or remove the property;

Additional Information

 

(1)

    XPS Sweeper integrity report
    

(2)

    Unable to locate parent for "CA.SM::SAMLv2IdP" object error
    

(3)

    XPSExport fails with error: "Unable to read attribute "CA.SM::<Object Class>.<AttributeName> of Object"