12.8sp6a Linux policy server in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh error as below:

failed. 
COMMAND: sh /tmp/830711.tmp/TestCryptoConfig.sh 

COMMAND: sh /tmp/830711.tmp/SetCryptoConfig.sh 

When this error occurs, EncryptionKey.txt file or sm.registry may be overwritten/deleted, which causes policy server never start again, and the same error will repeat during upgrade.

Also noticed ~/config/JVMOptions.txt may be gone and varies lib files were not fully deployed.

Release : 12.8

Component : SITEMINDER -POLICY SERVER

This error has repeated occurrence on Linux in-place upgrade use case in particular.

In the past, it often was due to .com.zerog.registry.xml file missing entry like <product name=""Symantec SiteMinder Policy Server"..., etc.

However, in this case, that was not the cause.

The original policy server installation location is something like /apps/Siteminder12.8/PolicyServer. And when checking NETE_PS_ROOT, it points to /apps/Siteminder12.8/PolicyServer.

12.8sp6 and 12.8sp6a installer requires SiteMinder install location should end with siteminder (case sensitive) folder.

When the actual siteminder deployment folder is missing, the installer failed the upgrade midway.

• Prior upgrade, ensure to back up entire policy server installation directory and files, including .com.zerog.registry.xml, EncryptionKey.txt, sm.registry, JVMOptions.txt, etc.
• Ensure policy server can be and is started by smuser already.
• Verify process is up by command "ps -ef | grep smpolicysrv".
• If process is started by other user id, stop it, and clean up /tmp directory (delete GCL-SiteMinder-A.pipe, GCL-SiteMinder-B.pipe, GCL-SiteMinder.sem, snrrpni?{{?pip), then start it as smuser.
• smuser is the user account that installs and runs policy server. 

https://knowledge.broadcom.com/external/article?articleId=127226

DE533452