Symantec Privileged Access Management

In this document I will walk through upgrading the java development kit (jdk) used by ControlMinder/PIM 12.8 on windows. This document is applicable to JDK 1.7. To upgrade to a JDK of version 1.8.x please request the following fixes from CA Technical Support: T6DC016 is for RedHat and T6DB007 for windows.

1) Install the new jdk. If you wish to install it the same way that the ControlMinder/PIM installer does, install only the "Development Tools" and do not install "Source Code" or "Public JRE". Also, change the install directory to, for example, C:\jdk1.7.0_80.

2) Edit <jboss>\bin\compile_jsp.bat 

Find the following line: 

set JAVA_HOME=C:\jdk1.7.0 

Modify it to: 

set JAVA_HOME=C:\jdk1.7.0_80 

3) Edit <jboss>\bin\run_idm.bat 

Find the following line: 

set JAVA_HOME=C:\jdk1.7.0 

Modify it to: 

set JAVA_HOME=C:\jdk1.7.0_80 

4) Edit <AccessControlServer>\Connector Server\bin\acjcswrap.ini 

Find the following line: 

Command line = "C:\jdk1.7.0\bin\java.exe" -Xms256M -Xmx512M -server -Djava.awt.headless=true -Dlog4j.configuration=../conf/log4j.properties -Djava.library.path=. -Dlog4j.configuration=../conf/log4j.properties -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dsun.lang.ClassLoader.allowArraySyntax=true -Dbea.home=../conf -Dweblogic.security.SSL.trustedCAKeyStore=../conf/ssl.keystore -cp jcs-bootstrap.jar;../conf;../lib/*;../extlib/* org.apache.directory.server.UberjarMain ../conf/server_jcs.xml classpath*:conf/connector.xml ../conf/override/**/connector.xml normalize=false 

Modify C:\jdk1.7.0\bin\java.exe to C:\jdk1.7.80\bin\java.exe so that it looks like: 

Command line = "C:\jdk1.7.0_80\bin\java.exe" -Xms256M -Xmx512M -server -Djava.awt.headless=true -Dlog4j.configuration=../conf/log4j.properties -Djava.library.path=. -Dlog4j.configuration=../conf/log4j.properties -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dsun.lang.ClassLoader.allowArraySyntax=true -Dbea.home=../conf -Dweblogic.security.SSL.trustedCAKeyStore=../conf/ssl.keystore -cp jcs-bootstrap.jar;../conf;../lib/*;../extlib/* org.apache.directory.server.UberjarMain ../conf/server_jcs.xml classpath*:conf/connector.xml ../conf/override/**/connector.xml normalize=false 

5) Make sure that the following parameters:

jdk.tls.disabledAlgorithms

jdk.certpath.disabledAlgorithms

In the file:

C:\jdk1.7.0_80\jre\lib\security\java.security

Have the same values as their equivalent in:

C:\jdk1.7.0\jre\lib\security\java.security

6) Stop the following services:

JBoss Application Server 4.2.3 

CA ControlMinder Connector Server (Java) 

7) Delete the following folders:

<jboss>\server\default\tmp 

<jboss>\server\default\work 

8) Start the CA ControlMinder Connector Server (Java) service

9) Start the JBoss Application Server 4.2.3 service