TestCryptoConfig.sh and SetCryptoConfig.sh error in Linux


Article ID: 240140


Products

  • SITEMINDER
  • CA Single Sign On Federation (SiteMinder)
  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • CA Single Sign On Agents (SiteMinder)

Issue/Introduction


The 12.8sp6a Linux Policy Server in-place upgrade fails with TestCryptoConfig.sh and SetCryptoConfig.sh errors, as shown below:

  failed. 
  COMMAND: sh /tmp/830711.tmp/TestCryptoConfig.sh 
  COMMAND: sh /tmp/830711.tmp/SetCryptoConfig.sh 

When this error occurs, the EncryptionKey.txt file or sm.registry may be overwritten or deleted. The Policy Server will then no longer start, and the same error will repeat during the upgrade.

It was also observed that /<policy_server_install_folder>/config/JVMOptions.txt may be missing and that various lib files were not fully deployed.

 

Cause


This error occurs repeatedly, in the Linux in-place upgrade use case in particular.

In the past, it was often caused by the .com.zerog.registry.xml file missing an entry such as <product name="Symantec SiteMinder Policy Server"..., etc.

However, in this case, that was not the cause.

The original Policy Server installation location is something like /<policy_server_install_folder>, and NETE_PS_ROOT, when checked, also points to /<policy_server_install_folder>.

The 12.8sp6 and 12.8sp6a installers require that the SiteMinder install location end with a folder named siteminder (case sensitive).

To illustrate:

  /<policy_server_install_folder>/siteminder

When the actual siteminder deployment folder is missing, the installer fails the upgrade midway.

 

Resolution

 

  • Prior to the upgrade, back up the entire Policy Server installation directory and files, including .com.zerog.registry.xml, EncryptionKey.txt, sm.registry, JVMOptions.txt, etc.
  • Ensure the Policy Server can be started by smuser, and that it has already been started by smuser.
  • Verify the process is up with the command:

    # ps -ef | grep smpolicysrv

  • If the process was started by another user ID, stop it, clean up the /tmp directory (delete GCL-SiteMinder-A.pipe, GCL-SiteMinder-B.pipe, GCL-SiteMinder.sem, snrrpni?{{?pip), and then start it as smuser (1).
  • smuser is the user account that installs and runs the Policy Server.
  • For a successful in-place upgrade, NETE_PS_ROOT should end with siteminder (case sensitive).

Follow the workaround steps below:
 
Create a soft link to PolicyServer. 

  1. # cd /<policy_server_install_folder>/folder
  2. # ln -s folder siteminder
  3. # export NETE_PS_ROOT=/<policy_server_install_folder>/siteminder
  4. # ./ca-ps-12.8-sp06a-linux-x86-64.bin -i console
     

By following the above steps, the Policy Server in-place upgrade will be successful.
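
The pre-upgrade conditions above can be checked in one pass before the installer is launched. The script below is an added example, not part of the vendor's tooling: the function names are hypothetical, the three files are located by name because this article gives a path only for JVMOptions.txt, and .com.zerog.registry.xml is not checked because its location is not stated here.

```shell
#!/usr/bin/env bash
# Added example: pre-upgrade preflight for the conditions this article describes.
# Function names are hypothetical; files are located by name (assumption).

# Succeed only if the install root's last path component is exactly "siteminder".
root_name_ok() {
    local root="${1%/}"
    [ "${root##*/}" = "siteminder" ]
}

# Print each file named in the article that cannot be found under the root.
# The trailing slash makes find follow a root that is itself a symlink.
missing_files() {
    local root="${1%/}" f
    for f in EncryptionKey.txt sm.registry JVMOptions.txt; do
        [ -n "$(find "$root/" -type f -name "$f" 2>/dev/null | head -n 1)" ] || echo "$f"
    done
}

# Read "user command" lines on stdin; succeed only if smpolicysrv is running
# and every instance is owned by the expected user (default: smuser).
owner_ok() {
    awk -v want="${1:-smuser}" '
        $2 ~ /smpolicysrv/ { seen = 1; if ($1 != want) bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

# Run all checks; only if they pass, archive the root (symlinks dereferenced).
preflight() {
    local root="${1%/}" backup_dir="$2" rc=0 miss
    root_name_ok "$root" || { echo "FAIL: $root does not end with 'siteminder'"; rc=1; }
    miss="$(missing_files "$root")"
    [ -z "$miss" ] || { echo "FAIL: missing under $root:" $miss; rc=1; }
    ps -eo user= -o comm= | owner_ok smuser ||
        { echo "FAIL: smpolicysrv is not running as smuser"; rc=1; }
    [ "$rc" -eq 0 ] || return "$rc"
    tar -chzf "$backup_dir/ps-backup-$(date +%Y%m%d%H%M%S).tgz" -C "$root/" . &&
        echo "OK: backup written to $backup_dir"
}

# Usage (as smuser, before starting the installer):
#   preflight "$NETE_PS_ROOT" /path/to/backup_dir
```

Keep the backup archive outside the installation directory and /tmp, and restrict its permissions, since it contains EncryptionKey.txt.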

 

Additional Information

 

  1. Error: Policy Server is not running on Policy Server upgrade
    https://knowledge.broadcom.com/external/article?articleId=127226