After VAPP migration from CentOS 8 to CentOS 9 you are unable to connect to the Provisioning Server using JXplorer



Article ID: 406499


Updated On:

Products

CA Identity Suite

Issue/Introduction

After a successful CentOS 9 migration, recreating the personalities, and fixing a CA Directory replication message in the Provisioning Server, JXplorer was unable to connect to two out of four VApp provisioning stores. The existing CentOS 8 nodes worked correctly, but the CentOS 9 nodes could not connect.

If you have corrected any obvious replication or SSL personality issues in the logs but still can't connect to the Provisioning Server using JXplorer (IM will fail as well), the following may help.
 

Environment

VAPP 14.5

Resolution

  • Stop the Provisioning Server (stop_ps) on all nodes.

  • From a working CentOS 8 appliance, copy the following keys to the /tmp folder on the CentOS 9 nodes:
    • /opt/CA/SharedComponents/EnterpriseCommonServices/registry/hkey_local_machine/software/computerassociates/identity_manager/provisioning_server/domains/eta/etpassworddb
    • /opt/CA/SharedComponents/EnterpriseCommonServices/registry/hkey_local_machine/software/computerassociates/identity_manager/provisioning_server/domains/im/etpassworddb

  • On each CentOS 9 node:
    • As user imps (su - imps), copy the keys to their respective locations.
    • Ensure the file and directory permissions match those on the source system.


  • Restart the Provisioning Server on all nodes using stop_ps

  • After that, JXplorer was able to reach any of the four nodes and Identity Manager was able to connect as expected.
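
For the step "Ensure the file and directory permissions match those on the source system", the following is an added example, not part of the original article or the product. It records mode, owner and group for the two etpassworddb keys and every directory above them on a CentOS 8 node, then checks a CentOS 9 node against that record. It assumes GNU stat; the function names, script name and manifest path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): record and verify mode/owner/group of
# the etpassworddb keys and of every directory above them.
# Assumes GNU stat, as shipped on CentOS. Function and file names are hypothetical.

# Registry paths from the article, written relative to the filesystem root.
REG=opt/CA/SharedComponents/EnterpriseCommonServices/registry/hkey_local_machine/software/computerassociates/identity_manager/provisioning_server/domains
KEYS="$REG/eta/etpassworddb $REG/im/etpassworddb"

# perm_manifest ROOT
# Print "mode owner group path" for each key and each parent directory.
perm_manifest() {
    root=${1%/}
    for key in $KEYS; do
        p=$key
        while [ "$p" != "." ]; do
            if [ -e "$root/$p" ]; then
                printf '%s %s\n' "$(stat -c '%a %U %G' "$root/$p")" "$p"
            else
                echo "missing on this node: $root/$p" >&2
            fi
            p=$(dirname "$p")
        done
    done | sort -u -k4
}

# perm_verify MANIFEST ROOT
# Compare a manifest recorded on the source node with ROOT on this node.
# Prints one line per difference and returns 1 if anything differs.
perm_verify() {
    rc=0
    while read -r mode owner group path; do
        actual=$(stat -c '%a %U %G' "${2%/}/$path" 2>/dev/null) || actual=missing
        if [ "$actual" != "$mode $owner $group" ]; then
            echo "MISMATCH $path: expected $mode $owner $group, found $actual"
            rc=1
        fi
    done < "$1"
    return $rc
}

# CentOS 8 node:  sh etpassworddb_perms.sh record / > /tmp/etpassworddb.perms
# CentOS 9 node:  sh etpassworddb_perms.sh verify /tmp/etpassworddb.perms /
case "${1:-}" in
    record) perm_manifest "${2:-/}" ;;
    verify) perm_verify "$2" "${3:-/}" ;;
esac
```

Once the keys are installed and verify reports no mismatch, remove the staged copies and the manifest from /tmp.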

 

 

  • Post-migration, the system may still contain references to the old Provisioning Directory. Follow these steps to update them with the new provisioning entries.

    • Connect to the Provisioning Directory using any LDAP tool. Connect using the following connection details:
      port: 20391
      bind DN: eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=im,dc=etadb

    • Update the following Provisioning Directory entries. They contain attributes (eTDSADbHost, eTDSAHost) with old system names.
      eTDSAName=im,eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb
      eTDSAName=im,eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=im,dc=etadb

    • Remove entries representing the old provisioning system from eTConfigParamFolderName=Servers,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=etadb
    • Remove entries representing the old provisioning system from dc=notify,dc=etadb