Tech Tip : CA Single Sign-On : Issues with KeyMarker: 4 while importing Agent keys

Document created by Osarobo_Idehen Employee on Jan 3, 2017
Version 1Show Document
  • View in full screen mode


We are upgrading Siteminder from R12.0 SP3 to R12.52 SP1 CR04 version and also the platform from Solaris to Linux.

We did export the Agent Keys successfully from Solaris environment and also copy the EncryptionKey.txt file from Solaris to Linux Platform.

While Importing the Agent Keys into the New Environment we were facing issues with one Agent Key.

We drill down the problem to a specific Agent Key and found that it is the KeyMarker: 4 that is causing the issue:


Unable to decrypt AgentKey key from import file using policy store / key store key. Aborting..

Fatal Error: Failed initialization.


We would like to know what the KeyMarker: 4 represents and why it is causing above reported issue.


Siteminder 12.52 SP1 CR4


The Keymarker 4 is the static key.

So, if you use dynamic keys, then the static key is not used, and so the keymarker 4 will not be used anywhere.


If you use static key, then all 4 keys will have the same value.


Solution would be to change R12 to static key via the AdminUI and then run export in order to have both environment running with the same keys.



KD : TEC1786593