search cancel

Linux in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh error

book

Article ID: 240140

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder)

Issue/Introduction

12.8sp6a Linux policy server in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh error as below:

failed. 
COMMAND: sh /tmp/830711.tmp/TestCryptoConfig.sh 

COMMAND: sh /tmp/830711.tmp/SetCryptoConfig.sh 

When this error occurs, EncryptionKey.txt file or sm.registry may be overwritten/deleted, which causes policy server never start again, and the same error will repeat during upgrade.

Also noticed ~/config/JVMOptions.txt may be gone and varies lib files were not fully deployed.

Environment

Release : 12.8

Component : SITEMINDER -POLICY SERVER

Cause

This error has repeated occurrence on Linux in-place upgrade use case in particular.

In the past, it often was due to .com.zerog.registry.xml file missing entry like <product name=""Symantec SiteMinder Policy Server"..., etc.

However, in this case, that was not the cause.

The original policy server installation location is something like /apps/Siteminder12.8/PolicyServer. And when checking NETE_PS_ROOT, it points to /apps/Siteminder12.8/PolicyServer.

12.8sp6 and 12.8sp6a installer requires SiteMinder install location should end with siteminder (case sensitive) folder.

When the actual siteminder deployment folder is missing, the installer failed the upgrade midway.

Resolution

  • Prior upgrade, ensure to back up entire policy server installation directory and files, including .com.zerog.registry.xml, EncryptionKey.txt, sm.registry, JVMOptions.txt, etc.
  • Ensure policy server can be and is started by smuser already.
  • Verify process is up by command "ps -ef | grep smpolicysrv".
  • If process is started by other user id, stop it, and clean up /tmp directory (delete GCL-SiteMinder-A.pipe, GCL-SiteMinder-B.pipe, GCL-SiteMinder.sem, snrrpni?{{?pip), then start it as smuser.
  • smuser is the user account that installs and runs policy server. 
For a successful in-place upgrade, NETE_PS_ROOT should end with siteminder.  
Please follow the below work around steps:
 
1) create a soft link to PolicyServer. 
2) cd /apps/Siteminder12.8
3) ln -s PolicyServer siteminder
4) export NETE_PS_ROOT=/apps/Siteminder12.8/siteminder
5) ./ca-ps-12.8-sp06a-linux-x86-64.bin -i console
 
By following the above steps, policy server in-place upgrade was successful.

Additional Information

https://knowledge.broadcom.com/external/article?articleId=127226

DE533452