How to upgrade JCS on Linux so that it can connect to an TLS enabled SQL Server SAM Endpoint.
search cancel

How to upgrade JCS on Linux so that it can connect to an TLS enabled SQL Server SAM Endpoint.


Article ID: 9773


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


We have recently setup TLS on our Microsoft SQL Servers and disabled TLS 1.0 and 1.1. This can be found on Microsoft's TechNet TLS/SSL Settings article. Now when I try to create a MS SQL Server PUPM Endpoint in Enterprise Manager I get this error:

This is due to the version of JVM provided with the Java Connector Server component and the JDBC driver version supportability of TLS. These steps describe how to update both components on an Linux Enterprise Manager. If you have installed any Linux Distribution Servers or Linux Load Balancing Enterprise Manager those servers will also have to be upgraded. 

The JVM upgrade will use the existing JDK provided with the install of the Enterprise Manager Server. You maybe using a custom path and upgrading Java on regular intervals to different paths. Please keep these steps in mind when you upgrade Java JDK on the system. 

The SQL JDBC upgrade will require you to download the latest from Microsoft


Linux Red Hat Server
Enterprise Manager 12.9.x


JVM upgrade steps:

  1. Stop JCS  via /etc/init.d/im_jcs stop
  2. Change the value of JAVA in /etc/init/im_jcs.conf. JAVA must point to the JDK 1.8.0 location. Example:  JAVA=/usr/java/jdk1.8.0_51/bin/java
  3. Start JCS via /etc/init.d/im_jcs start
  4. Run the following commands: 
    1. export LD_LIBRARY_PATH=/opt/CA/AccessControlServer/APMS/AccessControlShared/lib:$LD_LIBRARY_PATH
    2. ComponentRegistration -comp jcs -register -userDN cn=root,dc=etasa -serverDN dc=im,dc=etasa -pwd <jcspassword> -port 20411 -ssl yes

Note: <jcspassword> is the communication password set during install. 

SQL JDBC Driver jar file upgrade steps: 

  1. Stop JCS via /etc/init.d/im_jcs stop
  2. Remove the exiting sqljdbc_2005__V1.2.jar driver from /opt/CA/AccessControlServer/Connector_Server/extlib/

  3. Add the sqljdbc42.jar from the JDBC Driver zip to /opt/CA/AccessControlServer/Connector_Server/extlib/

  4. Start JCS via /etc/init.d/im_jcs start


Additional Information

The Windows documented steps can be found here: