search cancel

Error : Invalid user name and password combination registering AdminUI

book

Article ID: 4718

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

After installing and configuring the AdminUI properly and having
registered the AdminUI running XPSRegclient, when trying to login to
the AdminUI I get this error in the browser :

  Error : "Invalid user name and password combination"

The policy server logs shows also an handshake error with the
AdminUI :

  [SmPolicyServer.cpp:1006][ERROR] Handshake error: Unknown Tunnel agent 'smtunnel-siteminder' in hello message
  [CServer.cpp:1630][ERROR] Handshake error: Unknown client name 'smtunnel-siteminder' in hello message
  [CServer.cpp:1728][ERROR] Bad security handshake attempt. Handshake error: 3160
  [CServer.cpp:1749][ERROR] Handshake error: Bad hostname in hello message
  [CServer.cpp:1901][ERROR] Failed handshake with XXX.YYY.ZZZ.VVV:NNN

 

Cause

 

The problem is because all components are not at the same level
version.

Policy Server and Store 12SP3 cannot be managed with an AdminUI 12.8.

 

Environment

 

AdminUI 12.8SP6 on RedHat 8;
Policy Server 12SP3CR02 on Solaris;

 

Resolution

 

Install an AdminUI 12.8SP6 only at the last step during an upgrade.

Following the upgrade guide (1)(2).

To migrate a deployment with multiple Policy Servers and agents,
remove one of the components from the environment. While the component
is being upgraded, the remaining components continue to protect
resources. Continue removing and upgrading components until all
components are upgraded or operating in mixed-mode compatibility.

The following figures show a simple r12.5x environment. The stages
detail the order in which existing components are upgraded. Each
figure depicts a single policy store and key store. However, a
deployment can use separate policy and key stores.

  1. In stage one, an r12.5x Policy Server is upgraded. The 12.8.x
     Policy Server operates in compatibility mode. Consider the
     following items:
     - The r12.5x agents continue to communicate with the 12.8.x
       Policy Server.
     - The 12.8.x Policy Server continues to communicate with the
       r12.5x policy and key store.
     - The r12.5x Policy Server continues to communicate with the
       r12.5x policy and key store.
  2. In stage two, the remaining Policy Server is upgraded to
     12.8.x. The 12.8.x Policy Servers operate in compatibility mode
     with the r12.5x policy and key store.
  3. In stage three, the collocated r12.5x policy and key store is
     upgraded to 12.8.x.
  4. In stage four, the Administrative UI is upgraded.

Note from the above that the Upgrade the r12.x Administrative UI is
at the last stage !

 

Additional Information

 

(1)

    Upgrade Order for In-place Upgrade
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade.html

(2)

    Upgrading
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading.html