Simon_Naunton

Tech Tip: Setting the JDK/JRE for Privileged Identity Manager 12.9SP1 on Windows

Discussion created by Simon_Naunton Employee on Dec 7, 2015

Lets sort out any potential problems with different JREs being installed on the system and force the various components of PIM 12.9SP1 on windows to use the JDK/JRE we installed from the 3rd party components media.

 

I am making the assumption that PIM, the jdk and jboss have been installed in the default locations of:

 

C:\Program Files\CA\AccessControlServer
C:\jdk1.8.0
C:\jboss-4.2.3.GA

 

1. Apache Tomcat

 

By default Tomcat will pick up and use the first java.exe in the system path. To fix this, navigate to C:\Program Files\CA\AccessControlServer\apache-tomcat-7.0.54\bin and execute tomcat7w.exe. Go to Java tab and set "Java Virtual Machine" to:

 

 

C:\jdk1.8.0\jre\bin\server\jvm.dll

 

jvm.png

 

Restart the "Apache Tomcat 7.0.54" service.

 

 

2. GUACD

 

GUACD will pickup and use the first java.exe in the system path. The easy way to sort this out is to change the system path to have the following at the front:

 

 

C:\jdk1.8.0\jre\bin

 

 

However, this does put you at the mercy of other potentially path changing applications, so another, albeit unsupported (NOTE: unsupported, development and SE avert thyne eyes), way of doing this is to create a wrapper around guacd.exe which sets the path before starting guacd.exe.

 

Stop the GUACD service.

 

Create a file called C:\Program Files\CA\AccessControlServer\PupmProxy\bin\guacd_wrapper.bat with the following contents:

 

@echo off
path=c:\jdk1.8.0\jre\bin;%PATH%
"C:\Program Files\CA\AccessControlServer\PupmProxy\bin\guacd.exe" -S -l 4822

 

Then, after backing up your registry of course, start regedit and go to:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GUACD

 

Change ImagePath from:

 

C:\Program Files\CA\AccessControlServer\PupmProxy\bin\guacd.exe -S -l 4822

 

To:


C:\Program Files\CA\AccessControlServer\PupmProxy\bin\guacd_wrapper.bat

Regedit.png

Remember that the guacd_wrapper.bat is unsupported and might become an issue if patches are applied, upgrades etc. So, if you really do not need to do this just modifying the system path is a much better way. This example is just here for a scenario where there is no other choice.

 

In either case, start or restart the GUACD service.

 

 

3. Connector Server (JCS), ProxyManager and EventForwarder

 

By default these should be set to point to the JDK that PIM was installed with.

 

To confirm this there is a "Command line" parameter which contains the, you guessed it, command line in each of the following files:

 

C:\Program Files\CA\AccessControlServer\Connector Server\bin\acjcswrap.ini
C:\Program Files\CA\AccessControlServer\Services\EventForwarder\bin\acsiemwrap.ini
C:\Program Files\CA\AccessControlServer\Services\ProxyManager\bin\acjavasrvwrap.ini

 

In all of the files, this should begin with <path>\java.exe, make sure it points to c:\jdk1.8.0\bin\java.exe, e.g.

 

Command line = "C:\jdk1.8.0\bin\java.exe" .... <rest of command> ...

 

Restart the following services:

 

CA ControlMinder Connector Server (Java)
CA ControlMinder Event Forwarder (Java)
CA ProxyManager

 

4. JBoss

 

Last but certainly not least, by default this should be set to point to the JDK that PIM was installed with.

 

Near the top of both of the following files.

 

C:\jboss-4.2.3.GA\bin\compile_jsp.bat
C:\jboss-4.2.3.GA\bin\rum_idm.bat

 

There is the line below where <jdk> is the jdk to use:

 

set JAVA_HOME=<jdk>

This should be:

 

set JAVA_HOME=C:\jdk1.8.0

Outcomes