Linux in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh error

Article ID: 240140

Products

SITEMINDER, CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder)

Issue/Introduction

The 12.8sp6a Linux policy server in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh errors, as shown below:

failed. 
COMMAND: sh /tmp/830711.tmp/TestCryptoConfig.sh 

COMMAND: sh /tmp/830711.tmp/SetCryptoConfig.sh 

When this error occurs, the EncryptionKey.txt file or sm.registry may be overwritten or deleted, which prevents the policy server from ever starting again, and the same error will repeat during the upgrade.

In addition, ~/config/JVMOptions.txt may be missing, and various lib files were not fully deployed.

Cause

This error occurs repeatedly, in the Linux in-place upgrade use case in particular.

In the past, it was often due to the .com.zerog.registry.xml file missing an entry like <product name="Symantec SiteMinder Policy Server"..., etc.

However, in this case, that was not the cause.

The original policy server installation location is something like /apps/Siteminder12.8/PolicyServer, and NETE_PS_ROOT points to /apps/Siteminder12.8/PolicyServer.

The 12.8sp6 and 12.8sp6a installers require the SiteMinder install location to end with a folder named siteminder (case sensitive).

When the actual siteminder deployment folder is missing, the installer fails the upgrade midway.

Environment

Release : 12.8

Component : SITEMINDER -POLICY SERVER

Resolution

  • Prior to the upgrade, back up the entire policy server installation directory and files, including .com.zerog.registry.xml, EncryptionKey.txt, sm.registry, JVMOptions.txt, etc.
  • Ensure the policy server can be, and already is, started by smuser.
  • Verify that the process is up with the command "ps -ef | grep smpolicysrv".
  • If the process was started by another user ID, stop it, clean up the /tmp directory (delete GCL-SiteMinder-A.pipe, GCL-SiteMinder-B.pipe, GCL-SiteMinder.sem, snrrpni?{{?pip), then start it as smuser.
  • smuser is the user account that installs and runs the policy server.

For a successful in-place upgrade, NETE_PS_ROOT should end with siteminder.
Follow the workaround steps below:
 
1) Create a soft link to PolicyServer.
2) cd /apps/Siteminder12.8
3) ln -s PolicyServer siteminder
4) export NETE_PS_ROOT=/apps/Siteminder12.8/siteminder
5) ./ca-ps-12.8-sp06a-linux-x86-64.bin -i console
 
By following the above steps, the policy server in-place upgrade was successful.
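
A pre-upgrade check for the procedure above, as an added example that is not part of the original article or the vendor's tooling: it verifies that NETE_PS_ROOT ends in siteminder, that every smpolicysrv process is owned by smuser, and archives the install directory. The function names, the --check argument and the /var/tmp default are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-upgrade checks for the in-place upgrade workaround.
# Function names, --check and the /var/tmp default are assumptions.

# Return 0 only when the last path component is exactly "siteminder"
# (case sensitive) and the path resolves to an existing directory.
ps_root_ok() {
    root=${1%/}                         # tolerate one trailing slash
    [ "$(basename -- "$root")" = "siteminder" ] && [ -d "$root" ]
}

# Read "user command..." lines (e.g. from `ps -eo user=,args=`) on stdin,
# print smpolicysrv processes NOT owned by $1, return 0 only if none exist.
wrong_owner() {
    awk -v u="$1" '$2 ~ /smpolicysrv/ && $1 != u { print; bad = 1 }
                   END { exit bad + 0 }'
}

# Archive the whole install directory (following the soft link) into $2,
# warn about any file named in the article that was not captured, and
# print the archive path on stdout. .com.zerog.registry.xml is not checked
# here because the article does not state where it lives.
backup_ps_root() {
    root=${1%/}; dest=$2
    archive="$dest/ps-backup-$(date +%Y%m%d%H%M%S).tar"
    tar -chf "$archive" -C "$(dirname -- "$root")" "$(basename -- "$root")" || return 1
    for f in EncryptionKey.txt sm.registry JVMOptions.txt; do
        if tar -tf "$archive" | grep -q "/$f\$"; then
            echo "backed up: $f" >&2
        else
            echo "WARNING: $f not found under $root" >&2
        fi
    done
    echo "$archive"
}

# Run as: sh precheck.sh --check [backup-dir]
if [ "${1:-}" = "--check" ]; then
    ps_root_ok "${NETE_PS_ROOT:-}" ||
        { echo "NETE_PS_ROOT must end with siteminder" >&2; exit 1; }
    ps -eo user=,args= | wrong_owner smuser ||
        { echo "smpolicysrv is running under another user" >&2; exit 1; }
    backup_ps_root "$NETE_PS_ROOT" "${2:-/var/tmp}"
fi
```

Run it as smuser after step 4 and before launching the installer in step 5, so a failed check stops the upgrade before any files are touched.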

Additional Information

https://knowledge.broadcom.com/external/article?articleId=127226

DE533452