Following CA Directory documentation to setup Policy Store replication
between 2 DSAs, multiple multiple class "xxxxx" is undefined error are
seen via the console:
(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined.
(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined.
(ERROR) : [sm-xpsxps-00270] Class 1397826539 is undefined.
This issue is observed only when Policy Store replication between 2
DSAs.
Multiwrite-DISP Replication has been configured between DSAs as
documented (1).
The class undefined errors are coming because both Policy Stores
Instances have been separately initialized and later tried to enable
"multi-write DISP recovery".
However, according to the documentation, the second store needs to be
an empty one (2).
Policy Server 12.8SP5 on RedHat 6.9;
Policy Store CA Directory 14.1;
Follow below steps to correctly configure Policy Store Replication:
1) Created a new instance of CA Directory (ps1) & followed the
documentation to configure it as Policy Store with Policy Server1
(3). All default objects got imported to the Policy Store and
XPSRegClient worked perfectly fine. Later the Policy Server 1 was
stopped.
2) Created a new instance of CA Directory (ps2) on a different
machine. Only changes to the config & initialization files was
done. All steps from the topic "Open the DSA" have not been
performed. So basically this store did not have any data in it.
3) Followed the steps in the document to enable multi-write disp
recovery among both the policy stores (ps1 & ps2 resp) (1).
4) Verified the CA Directory logs and confirmed that the replication
was successful.
5) Connected to ps2 using JXplorer and observed that the objects got
replicated successfully.
6) Now, pointed Policy Server2 to ps2 instance & observed that the PS
started successfully.
7) Executed XPSRegClient on Policy Server2, the command got executed
successfully without any errors.
(1)
Example: Set up Multiwrite-DISP Replication between DSAs
This example explains how to enable multiwrite replication with
DISP recovery (MW-DISP) between two DSAs.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/ca-directory-concepts/directory-replication/multiwrite-replication-with-disp-recovery/example-setting-up-multiwrite-disp-replication-between-dsas.html
(2)
Adding a DSA to a Multiwrite-DISP System
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/ca-directory-concepts/directory-replication/multiwrite-replication-with-disp-recovery/adding-a-dsa-to-a-multiwrite-disp-system.html
(3)
Configure a Symantec Directory Policy Store
This content describes how to configure a single Symantec
Directory server instance to store policy data and encryption
keys.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-a-ca-directory-policy-store.html