Vinay's Blog

ControlMinder (PIM Endpoint Agent) can be configured so that seaudit events (logs) are moved to native filesystem logs such as syslog. With this configuration, a syslog server can collect logs from all the endpoints, including both native data and seaudit data.

 

Here is how to do it:

 

1) Stop Access Control

>> secons -sk

 

2) Edit the /opt/CA/AccessControl/log/selogrd.cfg file and add the following:

###

Rule#1

syslog LOG_INFO

.

###

 

3) Start Access Control

>> seload

 

4) Start selogrd

>> /opt/CA/AccessControl/bin/selogrd

 

Now all the seaudit logs will be moved to syslog upon generation.

 

Different Log Levels that can be used in the rules:

 

LOG_EMERG //System is unusable.

LOG_ALERT //Action must be taken immediately.

LOG_CRIT //Critical conditions.

LOG_ERR //Error conditions.

LOG_WARNING //Warning conditions.

LOG_NOTICE //Normal but significant condition.

LOG_INFO //Informational.

LOG_DEBUG //Debug-level messages.



Thank You for reading!!

Note: The trace has to be enabled on the server/client machine from which one is accessing the PIM web console.


CA PIM's ActiveX component allows users to perform auto-login to the endpoint using privileged accounts. There are situations where the auto-login fails and we have no clue as to the cause of this erratic behavior.

 

Enabling trace on the ActiveX component sheds some light on why the auto-login is failing, thereby enabling one to troubleshoot in that direction.

 

Here are the steps to enable trace on ActiveX:

 

  • Set the following registry value in HKEY_CURRENT_USER\Software\ComputerAssociates\AccessControl\ACScriptEngine:

          Name : TraceEnabled

          Type: REG_DWORD

          Value: 1


 

The trace log will be generated in the DebugView console as soon as you perform an auto-login.

 

 

Thank You for Reading and Happy Troubleshooting !!!

Note: This procedure is not applicable for removing/uninstalling the Enterprise Management Server.

 

There are cases in which uninstallation of the PIM (aka ControlMinder aka Access Control) agent on Windows fails, throwing the following error along with other driver-related errors.

 

[Screenshot: Win_ERROR.PNG]

 

Below are the steps to do a complete, clean uninstall of the agent from Windows.

 

1. In the registry, go to HKEY_CLASSES_ROOT\Installer\Products\CDAFB228040EC5F40AA08B5E852A6D61\Transforms. If the value is "1033.mst", change it to @1033.mst.

 

2. Try to uninstall "AC Access Control" again via Add/Remove Programs. Reboot the machine if the uninstall is successful.

 

3. If the error remains after steps 1 and 2, run the uninstall from the command line with a log file. Looking at the log file will give some insight into why the uninstall is failing.


Msiexec.exe /x {822BFADC-E040-4F5C-A00A-B8E558A2D616} /l*v <log_file_name>

 

4. If AC was uninstalled successfully, please verify that all AC files have been removed from the Install folder:

 

    4.1 The default install folder "<Local Drive>:\Program Files\CA\AccessControl" no longer exists.

 

    4.2 Verify that the driver binaries have been removed from disk in "<Local Drive>:\Windows\System32\Drivers": cainstrm.sys, drveng.sys and seosdrv.sys should not be there; otherwise remove them.

 

5. Verify that the AC entry in the registry has been removed: HKLM\SOFTWARE\ComputerAssociates\AccessControl should not exist. If it still exists, please delete it.

 

6. Verify that all driver services have been removed from the registry; make sure the entries below no longer exist.

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cainstrm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seosdrv

 

If some driver service still exists in the registry, please run the following on the command line:

>>  sc delete <driver name>

Where driver name can be: cainstrm, drveng or seosdrv.

After deleting the service, verify in the registry that it has really been removed.

 

7. Verify that no AccessControl services remain in the services.msc console (i.e. CA Access Control Agent/Engine/Watchdog/Task Delegation/Report Agent/Policy Model).

If one of the services still exists, please remove it by running the following on the command line:

>> sc delete <service name>

And then verify that the service has been removed from the services view.

 

8. A reboot is required after the uninstallation is done.
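
The checks in steps 4 to 7 can be run in one pass with a read-only script. This is an added example, not part of the original post or CA's tooling; the function name Get-AccessControlLeftover is hypothetical, and it assumes the default install folder, an elevated PowerShell session on the local machine, and that the service display names start with "CA Access Control" as listed in step 7.

```powershell
# Added example: read-only check for the leftovers named in steps 4-7.
# Assumptions: default install folder, local machine, elevated session.
$DriverNames = 'cainstrm', 'drveng', 'seosdrv'

function Get-AccessControlLeftover {
    # Paths that must NOT exist after a clean uninstall, tagged by step.
    $targets = @(
        @{ Step = '4.1'; Path = Join-Path $env:ProgramFiles 'CA\AccessControl' }
        @{ Step = '5';   Path = 'HKLM:\SOFTWARE\ComputerAssociates\AccessControl' }
    )
    foreach ($name in $DriverNames) {
        # Step 4.2: driver binary on disk; step 6: driver service key.
        $targets += @{ Step = '4.2'; Path = Join-Path $env:SystemRoot "System32\Drivers\$name.sys" }
        $targets += @{ Step = '6';   Path = "HKLM:\SYSTEM\CurrentControlSet\Services\$name" }
    }

    # Emit one object per path that is still present.
    foreach ($t in $targets) {
        if (Test-Path -LiteralPath $t.Path) {
            [pscustomobject]@{ Step = $t.Step; Leftover = $t.Path }
        }
    }

    # Step 7: remaining services, matched by display name (assumed prefix).
    Get-Service -DisplayName 'CA Access Control*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Step = '7'; Leftover = "service $($_.Name) ($($_.DisplayName))" }
        }
}

# Nothing is deleted here; the script only reports what is still present.
$leftovers = @(Get-AccessControlLeftover)
if ($leftovers.Count -eq 0) {
    'No Access Control leftovers found.'
} else {
    $leftovers | Sort-Object Step | Format-Table -AutoSize
}
```

Anything it reports is then removed by hand as described in the matching step, and the script can be run again after the reboot in step 8 to confirm the result.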