search cancel

Policy Server :: Agent Connection : Failed to decrypt persistent key

book

Article ID: 97073

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We're running a Policy Server, and when Web Agent starts, it cannot connect to the
  Policy Server, and the Policy Server reports the error :

  [30474/140414308816640][Thu May 17 2018
  14:46:38][SmObjKeyManagement.cpp:459][ERROR][sm-Server-03080] Failed
  to decrypt persistent key

  It's a new installation.
  So far, we've :
  
 - Exported the old policy store on the old server
 - Added the schema to the new MS SQL 2014 database (CA SSO 12.52 schema)
   Imported old store

Cause

The problem here is that the encryption key between the environment 
where you exported the keys is different than the one where you import 
data. 
 

Environment

  Policy Server 12.8 on RedHat 7; 
  Policy Store on MSSQL 2014; 
 

Resolution

  In order to make both environment running the same encryption keys, 
  please follow the steps described in that documentation : 

  Reset the r12.x Policy Store Encryption Key 
  https://docops.ca.com/ca-single-sign-on/12-8/en/administrating/manage-encryption-keys/reset-the-r12-x-policy-store-encryption-key 

 

Additional Information

  Further related document : 

  SiteMinder r12.52 SP1 CR05 smkeyimport command error/failed 
  https://communities.ca.com/thread/241758914