Symantec Access Management

  • 1.  Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 11, 2015 01:59 PM

    Hi All,

     

    Just wanted to know, whether it would be possible to change a DSA name without removing or recreating the DSA.

     

    I tried to do and start it came pretty fine and i was able to get the contents loaded on to the jxplorer. However when I tried to replicate with different DSA in different server, which had the same old name of the DSA which was renamed, it didn't replicate and replication failed with few messages,

     

    1. [6] 20150811.143044.135 WARN : Remote DSA has our name! this from --> this was from the server which i had renamed the dsa. I didn't find the same error in the server2 dsa.

         so my guess was somewhere in the .db the old name is still stored. so i tried to figure that and i was able to find a instance where the old name was there. And that name is what goes as a datastore while doing the replication

     

    Any clue how to change the DSA without deleting, or removing is the only option to make replication work?

     

    I dont want to delete this dsa, since this dsa is being by CA SSO for policy store and I have configured AdminUI with this Policy Store.



  • 2.  Re: Is there a possibility to change DSA name??? for replication to work.
    Best Answer

    Posted Aug 11, 2015 06:56 PM

    To rename a DSA you need to make the following changes.

     

    In this example, we have dsa1 on server1 and server2, we want to change the name on server2 to dsa2:

    • server1: dxserver stop dsa1
    • server2: dxserver stop dsa1
    • server2: Rename $DXHOME/config/servers/dsa1.dxi to $DXHOME/config/servers/dsa2.dxi
    • server2: Rename $DXHOME/config/knowledge/dsa1.dxc to $DXHOME/config/knowledge/dsa2.dxc
    • server2: If using a knowledge group for example $DXHOME/config/knowledge/dsas.dxg, then replace dsa1.dxc with dsa2.dxc
    • server2: Replace any instance of dsa1 in $DXHOME/config/knowledge/dsa2.dxc with dsa2. There should be 2 spots, the "set dsa dsa1.." and "dsa-name"
    • server2: Rename $DXHOME/data/dsa1.db to $DXHOME/data/dsa2.db
    • server2: Rename $DXHOME/data/dsa1.tx to $DXHOME/data/dsa2.tx
    • server2: Rename $DXHOME/data/dsa1.dp to $DXHOME/data/dsa2.dp <-- if it exists
    • server1: Copy $DXHOME/config/knowledge/dsa2.dxc from server2
    • server1: Copy $DXHOME/config/knowledge/dsas.dxg from server2 (if updated)
    • server1: dxsyntax dsa1
    • server2: dxsyntax dsa2
    • server1: dxserver start dsa1
    • server2: dxserver start dsa2
    • Verify communication between dsa1 and dsa2


  • 3.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 04:54 AM

    Thanks Justin,

     

    I did the same thing exactly yesterday. But still its not replicating. Error DSA_E2735,"

    DSA_E2735 `Multiwrite-DISP Unable to synchronize with peer" dsa1.

     

    which says unable to replicate with peers. And in the server2 logs, I see that it says "Remote DSA has our name!" and in server1, it datastore created for dsa1, where I guess, in this place, it should be dsa2.

     

    Same warning is not in server1.

     

    anything that hits you to have this resolved.

     

    or I have to delete the dsa in server2 and create again?



  • 4.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 05:17 AM

    You don't have to recreate the DSA. You need to check that you knowledge files for both DSAs are the same on each machine.



  • 5.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 06:38 AM

    yes server1 the dsa is dsa1 and on server2 the dsa is dsa2, and I have two dsas in server1, dsa1.dxc, dsa2.dxc and group dsas.dxg. and similarly in server2.

     

    And yes the dsa2.dxc has

    set dsa dsa2

    {

    ..

    ..

    }



  • 6.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 07:46 AM

    The error occurs because the "dsa-name" fields is the same in dsa1.dxc and dsa2.dxc. Can you check

    server1: $DXHOME/config/knowledge/dsa1.dxc has a dsa-name and ending <cn "dsa1">

    server1: $DXHOME/config/knowledge/dsa2.dxc has a dsa-name and ending <cn "dsa2">

     

    These should be the same for server2

     

    server2: $DXHOME/config/knowledge/dsa1.dxc has a dsa-name and ending <cn "dsa1">

    server2: $DXHOME/config/knowledge/dsa2.dxc has a dsa-name and ending <cn "dsa2">



  • 7.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 07:50 AM

    Will check and update you accordingly, Thank you Justin.. Your timely is help is very much assisted.



  • 8.  Re: Is there a possibility to change DSA name??? for replication to work.

    Posted Aug 12, 2015 10:09 AM

    @Justin McDonald

     

    Thank you so much that worked and i was able to replicate the DSA.