Provisioning Server Service Does Not Start - Error Code 21

book

Article ID: 6423

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

After either rebooting the Provisioning Server machine or restarting all DSAs and the Provisioning Server, the Provisioning Server service does not start.

From Service window we have the error message:

"error code 21"

Cause

The im_ps.log file display the following messages:

[14:21:06.078:00000B38] reading config file D:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\fips.conf

TLS: can't connect.

[14:21:09.218:00000B38] backend_startup: bi_db_open 0 failed!

[14:21:09.265:00000B38] slapd stopped.

[14:21:09.265:00000B38] connections_destroy: nothing to destroy.

 

Check the <hostname>-impd-main.dxc file under DX_HOME\config\ssld\personalities

The "Not After" line shows that is expired.

i.e Not After : Feb 22 19:28:51 2017 GMT

 

Environment

Identity Manager 12.x

Resolution

Because the certificate expired, re-create all DSAs certificates.

Follow these steps:

1. Backup your DX_HOME\config\ssld folder.

2. Stop all Connector Servers C++ and Java.

3. Stop all DSAs running "dxserver stop all".

4. From DX_HOME\config\bin, run the following command:

       dxcertgen -d <Number_of_Days> certs

       i.e dxcertgen -d 3650 certs       it will generate new certificates valid for 10 years

5. Start all DSAs running "dxserver start all".

6. Start both Connector Servers C++ and Java.

7. Start Provisioning Server service.