XPSExport fails with error: "Unable to read attribute "CA.SM::<Object Class>.<AttributeName> of Object"
search cancel

XPSExport fails with error: "Unable to read attribute "CA.SM::<Object Class>.<AttributeName> of Object"


Article ID: 4453


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



We're running XPSExport command, and this one fails with error :

  "Unable to read attribute "CA.SM::<Object Class>.<AttributeName> of Object"

How can we fix this ?




All Policy Server versions;
All Policy Store versions;




The object has an attribute which is essentially a link to another
object. That attribute is populated with an object XID which doesn't
exist in the Policy Store.

To illustrate :

Unable to read attribute 


of object


The XID of the object is


This object class has an attribute named "UserPolicyLink"


This attribute would normally be populated with the XID of a


In this case, the attribute is empty. In some cases, it might occur
that this attribute has been populated with an XID which doesn't
exist. In either case it will need to be fixed in order for the
XPSExport to complete successfully.




Use XPSExplorer to Delete the Object :

  1. Run XPSExplorer and review the XID of the object
     Verify whether the 'UserPolicyLink' attribute is populated.  If so,
     search for that XID. If the field is empty or the XID does not
     exist, then the object will need to be removed;

  2. Attempt to delete the object in XPSExplorer;

  3. If the object cannot be deleted in XPSExplorer we will need to
     delete the object manually;

Manually Delete the Object :

  1) Execute an LDIF export of the policy store using the 3rd party
     LDAP tools provided by the LDAP Vendor;

  2) Locate the XID of the object. Record the Distinguished Name (DN);

  3) Locate the XPSNumber of the object :



  4) Delete the DN's manually;