Symantec Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

Unable to start smpolicysrv service

  • 1.  Unable to start smpolicysrv service

    Posted Jan 11, 2018 03:15 AM

    Hi,

     

    I am facing an issue where in I am getting the below error when trying to start the smpolicysrv service using a specific user account,

     

    Thu Jan 11 06:38:31 2018: Service smpolicysrv DISABLED after 5 failures
    Thu Jan 11 06:38:31 2018: Deleting pid file ----- /opt/app/CA/siteminder/config/smpolicysrv.pid because it's DISABLED
    Thu Jan 11 06:38:31 2018: EXIT because all services have been disabled

     

    And no corresponding logs are being generated in smps.log.

     

    But when doing so with root user I am able to restart the service. Not sure if there is a change in permission for the specific user account or something else.

     

    Please let me know how can I resolve this issue.

     

    Regards,

    Pankaj Sharma



  • 2.  Re: Unable to start smpolicysrv service

    Posted Jan 11, 2018 03:58 AM

    Hi Pankaj,

     

    Refer : Policy Server Upgrade along with user permission change from root to smuser 

     

    Regards,

    Leo Joseph.



  • 3.  Re: Unable to start smpolicysrv service

    Posted Jan 12, 2018 12:08 AM

    Hi Leo,

     

    I tried the steps mentioned in the link but no luck.

    Still not able to start the service using the user account.

     

    Is there any other way/solution to resolve this, I am not able to find any resolution here. I have checked all the permissions and files as well. Not sure what might be causing this issue.

     

    Regards,

    Pankaj Sharma



  • 4.  Re: Unable to start smpolicysrv service

    Posted Jan 12, 2018 12:39 AM

    Hi Pankaj,

     

    Can you paste smps.log and smexec.log here?

     

    Thanks,

    Shankar



  • 5.  Re: Unable to start smpolicysrv service

    Posted Jan 12, 2018 04:53 AM

    Hi Shankar,

     

    The only logs related to this are present in smexec.log file,

     

    Fri Jan 12 06:52:46 2018: Enter: HandleSignals(BLOCK_ALL)
    Fri Jan 12 06:52:46 2018: Enter: HandleSignals(UNBLOCK_ALL)
    Fri Jan 12 06:52:46 2018: Service smpolicysrv DISABLED after 5 failures
    Fri Jan 12 06:52:46 2018: Deleting pid file ----- /opt/app/CA/siteminder/config/smpolicysrv.pid because it's DISABLED
    Fri Jan 12 06:52:46 2018: EXIT because all services have been disabled

     

    I dont see any logs in smps.log file.

     

    Regards,

    Pankaj Sharma



  • 6.  Re: Unable to start smpolicysrv service

    Broadcom Employee
    Posted Jan 12, 2018 10:42 AM

    Have you checked this ?

     

    Locate the following files in the /tmp folder and verify if they have root or smuser permissions:

    • GCL-siteminder-A.pipe
    • GCL-siteminder-B.pipe
    • GCL-SiteMinder.sem


    If the files have root permissions, they fail to execute with non-root user.  Modify the permissions of these files to non-root user. or


    Alternately, do the following:

     

    1. As root, Delete the files- GCL-siteminder-A.pipe, GCL-siteminder-B.pipe, and GCL-SiteMinder.sem from /tmp.

     

    2. As root, Stop the Policy Server using the following command:
    ./stop-all

     

    3. Restart the Policy Server using the following command as non-root user. Do not use sudo command.
    ./start-all



  • 7.  Re: Unable to start smpolicysrv service

    Posted Jan 14, 2018 10:07 PM

    Hi Makesh,

     

    I checked the mentioned files and all of them have non root user as owner. Still I followed the alternate steps mentioned but to no affect.

    I am still facing the same issue.

     

    It seems there is something specific that has changed in the permissions to the non root user. But I am not sure what that is.

     

    One point to mention here, I was able to restart the service earlier with non root user but recently added files to enable XAUTH RADIUS and since then facing this issue.

     

    Regards,

    Pankaj Sharma



  • 8.  Re: Unable to start smpolicysrv service

    Posted Jan 15, 2018 03:00 AM

    Hi,

     

    I found that the file .smpolicysrv.txt was not present on the server in /siteminder folder so I created it and now I can see the service is starting but still when executing ./start-all command it is taking too long to complete. So I close the session and re-open it and see that the service smpolicysrv has started.

     

    Also in the smps.log file I am seeing error logs related to ODBC connection,

    [4424/3623496560][Mon Jan 15 2018 06:08:25][CSmDbUtilities.cpp:567][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 54 Internal Code = 0 - 523 52'.
    [4424/3623496560][Mon Jan 15 2018 06:08:40][CSmDbUtilities.cpp:567][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 54 Internal Code = 0 - 523 52'.
    [4424/3623496560][Mon Jan 15 2018 06:08:55][CSmDbUtilities.cpp:567][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 54 Internal Code = 0 - 523 52'.

     

    Following are the logs present in smps.log

    [6674/4152059616][Mon Jan 15 2018 08:30:39][SmObjProvider.cpp:282][INFO][sm-Server-02840] Loading of policy store provider extension DLL: 'smobjodbcims' succeeded.
    [6674/3644537712][Mon Jan 15 2018 08:30:39][CSmDbUtilities.cpp:465][ERROR][sm-Odbc-00060] Failed to connect to datasource 'SiteMinder Data Source'.
    [6674/3644537712][Mon Jan 15 2018 08:30:39][CSmDbUtilities.cpp:470][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 54 Internal Code = 0 - 523 52'.
    [6674/4152059616][Mon Jan 15 2018 08:30:39][SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'RootConfig' . Unexpected error in database interface. Error code -1063
    [6674/4152059616][Mon Jan 15 2018 08:30:39][SmObjCache.cpp:402][INFO][sm-Server-02800] Preloading policy store cache
    [6674/4152059616][Mon Jan 15 2018 08:30:39][SmObjCache.cpp:415][INFO][sm-Server-02860] BulkFetch policy store
    [6674/4152059616][Mon Jan 15 2018 08:30:39][SmPolicyServer.cpp:710][ERROR][sm-Server-00450] Failed to initialize policy store Policy store failed operation 'BulkFetch' for object type 'Policy store provider'. DoBulkFetch Failed

     

    It seems the policy server is not able to connect to Policy Store but when I check the connection from smconsole it is able to connect.

     

    Regards,

    Pankaj Sharma



  • 9.  Re: Unable to start smpolicysrv service

    Broadcom Employee
    Posted Jan 15, 2018 05:38 PM

    Is your policy store connection strings in system_odbc.ini file (<siteminder_home>/db) matches the smconsole ?

     

    Refer this:

    https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-odbc-databases-as-policy-session-key-and-audit-stores/configure-an-odbc-database-as-a-policy-store 



  • 10.  Re: Unable to start smpolicysrv service

    Posted Jan 15, 2018 07:32 PM

    Pankaj PankajSh0

     

    May I ask what is being used as a Policy Store (ODBC is way too generic to decipher the actual product and version). Nevertheless, first few thoughts....

     

    I think you have defined the connection parameter's correctly. Hence your test connection from SmConsole works. 

     

    What is probably configured incorrectly is the Policy Store Schema. Could I seek your confirmation that we performed Step4 and Step-7 to Step-10 ? (This is a snippet from Oracle as PStore).

     

     

    Regards

    Hubert



  • 11.  Re: Unable to start smpolicysrv service

    Broadcom Employee
    Posted Jan 15, 2018 08:06 PM

    Pankaj,  If the policy store schema is corrupted or not installed correctly, you'll have problems starting the PS. You said, Smconsole shows connect success, but that is just connect. You have "Failed to initialize policy store Policy store failed operation..".   You will need to redo the steps manually as in the documentaion.

     

    - Regards. Vijay