Failing to run XPSExport with error "Administrator is disabled." but the user is not in disabled state.
search cancel

Failing to run XPSExport with error "Administrator is disabled." but the user is not in disabled state.

book

Article ID: 36469

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question:

Why am I unable to export policy store using XPSExport and getting "Administrator is disabled." message?

 

Answer:

Based on the code review and looking at strace, it was confirmed that the SYSTEM OS user who is running the XPSExport must have write permission to the $NETE_PS_ROOT folder.

If the user does not have write permission to $NETE_PS_ROOT then the XPSExport will fail with error "Administrator is disabled".

$NETE_PS_ROOT folder is created by the user who installs the Policy Server. So by default the system user(usually "smuser") will create siteminder folder with 775 permission.

If the policy server is run with different user account, then please ensure that user will have write permission to $NETE_PS_ROOT folder or the same error will be returned.

 

Additional Information:

Following is when "smuser" having write permission to $NETE_PS_ROOT folder is running XPSExport.

 

[[email protected] apps]$ XPSExport testing.xml -xb -npass

[XPSExport - XPS Version 12.51.0001.972]

Log output: XPSExport.2016-01-20_060907.log

Initializing XPS, please wait...

(WARN) : [sm-xpsxps-03500] CA.SPS: No product library.

Log Time Phase/Section                Objects        %%age       #Err Elapsed

-------- ------------------------ --------------- -----------  -----------------

06:09:13 Initializing

06:09:13 Analyzing                                             00:00:00

06:09:13 Reading                                               00:00:00

06:09:13 Reading/Configuration        157/503        31%       00:00:00  00:00:00

06:09:13 Reading/Policy Data          202/503        40%       00:00:00  00:00:00

06:09:13 Reading/Policy Data          252/503        50%       00:00:00  00:00:00

06:09:13 Reading/Policy Data          302/503        60%       00:00:00  00:00:00

06:09:13 Reading/Policy Data          353/503        70%       00:00:00  00:00:00

06:09:13 Reading/Policy Data          403/503        80%       00:00:00  00:00:00

06:09:14 Reading/Policy Data          453/503        90%       00:00:01  00:00:01

06:09:14 Reading/Security Data        497/503        98%       00:00:01  00:00:01

06:09:14 Sorting/Policy Data            0/338                  00:00:01

06:09:14 Sorting/Policy Data           34/338        10%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data           68/338        20%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          102/338        30%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          136/338        40%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          169/338        50%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          203/338        60%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          237/338        70%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          271/338        80%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          305/338        90%       00:00:01  00:00:00

06:09:14 Sorting/Policy Data          338/338       100%       00:00:01  00:00:00

06:09:14 Writing/Header                                        00:00:01

06:09:14 Writing/References            16/519         3%       00:00:01  00:00:00

06:09:14 Writing/Policy Data           52/519        10%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          104/519        20%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          156/519        30%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          208/519        40%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          260/519        50%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          312/519        60%       00:00:01  00:00:00

06:09:14 Writing/Policy Data          354/519        68%       00:00:01  00:00:00

06:09:14 Writing/Configuration        364/519        70%       00:00:01  00:00:00

06:09:14 Writing/Configuration        416/519        80%       00:00:01  00:00:00

06:09:14 Writing/Configuration        468/519        90%       00:00:01  00:00:00

06:09:14 Writing/Configuration        511/519        98%       00:00:01  00:00:00

06:09:14 Writing/Security Data        513/519        98%       00:00:01  00:00:00

06:09:14 Writing/Footer                                        00:00:01  00:00:00

06:09:14 Complete                                              00:00:01

Total elapsed time:00:01

 

File is724,877 bytes.

 

Next is setting $NETE_PS_ROOT folder(/apps/CA/siteminder) to be read-only.

 

[[email protected] CA]$ ls -la

total 1408

drwxr-xr-x.  4 smuser smgroup    4096 Jan 20 03:43 .

drwxrwxrwx.  5 root   root       4096 Jan 20 06:09 ..

drwxrwxr-x. 32 smuser smgroup    4096 Jan  6 05:27 siteminder

 

[[email protected] CA]$ chmod 555 siteminder/

 

[[email protected] CA]$ ls -la

total 1408

drwxr-xr-x.  4 smuser smgroup    4096 Jan 20 03:43 .

drwxrwxrwx.  5 root   root       4096 Jan 20 06:09 ..

dr-xr-xr-x. 32 smuser smgroup    4096 Jan  6 05:27 siteminder

 

Running the same XPSExport command again.

 

[[email protected] apps]$ XPSExport testing-readonly.xml -xb -npass

[XPSExport - XPS Version 12.51.0001.972]

Log output: XPSExport.2016-01-20_061005.log

Initializing XPS, please wait...

(WARN) : [sm-xpsxps-03500] CA.SPS: No product library.

(ERROR) : [sm-xpsxps-04400] Administrator is disabled.

 

(FATAL) : [sm-xpsxps-04390] Unable to establish administration context.

 

 

Following is a snippet from strace output showing the user did not have write permission at $NETE_PS_ROOT folder.

 

 

access("/apps/CA/siteminder", W_OK) = -1 EACCES (Permission denied)

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:
Powered by Wolken Software