Issues with Provisioning Server services failing to start during migration from standalone Identity Manager (IDM) 14.5 to Identity Governance and Administration (IGA) Xpress 15.
search cancel

Issues with Provisioning Server services failing to start during migration from standalone Identity Manager (IDM) 14.5 to Identity Governance and Administration (IGA) Xpress 15.

book

Article ID: 441456

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

During the migration from a standalone IDM 14.5 environment to IGA Xpress 15, the Provisioning Server services fail to start after deployment. The following traceback error is observed in the startup logs:

Traceback (most recent call last):
  File "/opt/brcm/iga/inst/imps/startup/imps.py", line 260, in <module>
    service_conf = ServiceConfig(**imps_conf)
  File "/opt/brcm/iga/conda/envs/main/lib/python3.14/site-packages/pydantic/main.py", line 250, in __init__
    validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self)
pydantic_core._pydantic_core.ValidationError: 1 validation error for Provisioning Server Configuration
min_tls_version
  Input should be 'TLSv1_2' or 'TLSv1_3' [type=literal_error, input_value='TLSv1', input_type=str]

 

Environment

Environment

  • Source: Standalone Identity Manager 14.5
  • Target: IGA Xpress 15 (IGX 15)
  • Component: Provisioning Server (IMPS)

 

Cause

The issue is primarily caused by a configuration mismatch or incomplete data migration:

  1. TLS Version Mismatch: The Provisioning Server configuration was set to a version (e.g., 'TLSv1') not supported by the stricter validation rules in the new environment, which requires 'TLSv1_2' or 'TLSv1_3'.
  2. Incomplete Data Import: The Identity Management Provisioning Directory (IMPD) data export/import was not complete.
  3. Password Configuration: Issues with the Provisioning Administrator password prevented successful service authentication.

 

Resolution

To resolve the service startup failure, perform the following steps:

  1. Update TLS Settings: Ensure the Provisioning Server configuration is set to use TLSv1_2 or TLSv1_3. This can be verified/adjusted in the IGA Xpress console for the Provisioning Server settings.
  2. Re-import IMPD Data: Ensure the IMPD data is imported correctly and completely from the source environment.
  3. Reset Provisioning Admin Password: Change the Provisioning Administrator password to resolve authentication issues encountered during the initial migration.
  4. Update Hostnames/IPs: Review and update all IP addresses and hostnames in the settings that point to the old infrastructure to ensure they correctly reference the new IGA Xpress components.

 

Additional Information

Use tools like JXplorer to verify connectivity and login to the IMPD after ensuring necessary firewall rules are in place.

Powered by Wolken Software