In the SSO R8.1CR20 and R12CR4 server releases, a unique SSO Watchdog account is being created to prevent authentication collisions in the Policy Server Token Directory. If a situation arises where a broken or corrupted Access Control database can only be restored from another server in a SSO farm, please perform the following steps to ensure that the Watchdog process will continue to work after the restore is complete. The solution steps can be accomplished right after your install or upgrade is complete. Any future upgrades will also need to have the Watchdog account credentials reset again to make sure the data is consistent across all of your AC databases if you wish to continue to have a universally acceptable Watchdog account in the SSO farm.
This technical document assumes that the data residing inside the Access Control databases in your SSO server farm have the same values including passwords for administrative accounts. Please backup your existing Access Control databases before performing the steps in this solution.
To begin, you will notice that the install has created a unique ID in your local machine > users container. This user contains that same rights and privilege as the original pswd-pers account. This account is unique in that the tail of it's name is the last octet of your SSO servers' machine IP address. For example:
Machine IP is 192.168.0.157
Watchdog account ID is pswd-157
Do not worry if you plan to change the machine IP address in the future. The Watchdog service will continue to function properly.
SSOserver 1 = 192.168.0.157 > pswd-157
SSOserver 2 = 192.168.0.158 > pswd-158
As always, if you have any concerns with the solution given in this technical document, do not hesitate to open an issue with CA Support Online.
Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs