Class is Unidentified Errors While Configuring Policy Store Replication

book

Article ID: 77017

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We followed below CA Directory documentation to setup policy store replication between 2 DSAs, and we are getting multiple multiple class "xxxxx" is undefined error via the console: 

(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined. 
(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined. 
(ERROR) : [sm-xpsxps-00270] Class 1397826539 is undefined. 

This issue is observed only when we setup policy store replication between 2 DSAs 

We have set-up Multiwrite-DISP Replication between DSAs as documented: 

https://docops.ca.com/ca-directory/12-6/en/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/example-set-up-multiwrite-disp-replication-between-dsas

How can we resolve this?

Cause

The class undefined errors are coming because you separately initialized both policystores and later tried to enable “multi-write DISP recovery”.

However, according to the documentation https://docops.ca.com/cad126/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/add-a-dsa-to-a-multiwrite-disp-system, the second store needs to be an empty one.

Environment

Policy Server = Version: 12.7; Update: 00.00; Build: 1194; CR: 00; on Red Hat Enterprise Linux Server release 6.9 

CA Dir as Policy Store = dxserver 12.6.03 (build 14056) on Red Hat Enterprise Linux Server release 6.9 
 

Resolution

Follow below steps to correctly configure Policy Store Replication: 


1) Created a new instance of CA Directory (ps1) & followed the documentation https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-a-ca-directory-policy-store to configure it as policy store with Policy Server1. All default objects got imported to the policystore and XPSRegClient worked perfectly fine. Later the policyserver 1 was stopped. 

2) Created a new instance of CA Directory (ps2) on a different machine. Only changes to the config & initialization files was done. All steps from the topic “Open the DSA” have not been performed. So basically this store did not have any data in it. 

3) Followed the steps in the document https://docops.ca.com/cad126/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/example-set-up-multiwrite-disp-replication-between-dsas/ to enable multi-write disp recovery among both the policy stores (ps1 & ps2 resp) 

4) Verified the CA Directory logs and confirmed that the replication was successful. 

5) Connected to ps2 using JXplorer and observed that the objects got replicated successfully. 

6) Now, pointed PolicyServer2 to ps2 instance & observed that the PS started successfully. 

7)Executed XPSRegClient on PolicyServer2, the command got executed successfully without any errors.