Symantec Access Management

Hi All,

Our current policy server version is R12.52 CR00 and we want to upgrade our all CA component (CA directory server (Policy store and key store), CA Secure proxy server, CA Admin-UI and CA report Server with CABI report 2.x ) to latest version of CA product. the initial installation was done with "root" user and now we want to change this root installation to smuser, Before moving to our QA Env. upgrade we completed our test env.  with "root" user and if we change using "chown" command  from root to smuser we got below error message -

bash-3.2$ ./start-ps

Error: performing semget() on ColdFusion Registry semaphore:Permission denied

SiteMinder Policy Server is not running

SiteMinder Health Monitor is not running

so we have decided to add  new policy server with "smuser" and use existing policy store data with new policy server and take old policy server out from infrastructure.

can anyone please suggest us steps to follow and backup plan for this ?

Regards

Prashant

Stop the policy server as the root user with the $smhome/stop-all command.

Go to the /tmp directory and verify anything tied to root is removed

Execute the command as root

ipcs -a

This will show you all the semaphores and keys

If you have any stuck as root use the ipcrm command to remove them

example

SEMID: 4095

ipcrm -s 4095

For the sem key use the -M flag

ipcrm -M 0324203

Remove these keys and semaphore ids and then chown /opt/CA/sitminder recursively to smuser and attempt to start the policy server.

Thanks @rusad02 this has helped us to start policy server, however Directory server is showing below error in logs -

[208] 20160419.115841.716 Failed to initialise crypto/ssl libraries

[208] 20160419.120541.759 Failed to initialise crypto/ssl libraries

I google it out and found this CA link to sort this out Failed to initialise crypto/ssl libraries after upgrade process but when we try to install CAPKI with "dsa" user it doesn't allow to install, it only gets install with "root" user and after installing capki with "root" it still it throws same error.

----------------------------------------------

bash-3.2$ ./setup install caller=ETRDIR env=all verbose ----------------------with dsa user

[CAPKI] Parameters: mode=install, caller=ETRDIR, instdir=, env=all, verbose=true

[CAPKI] This installer contains CAPKI Version 4.2.9

[CAPKI] Using install directory as specified by CASHCOMP

[CAPKI] Installation directory: /opt/CA/SharedComponents/CAPKI

[CAPKI] Checking for Permissions

[CAPKI] Check Permissions and relaunch installer

[CAPKI] Install unsuccessful, return value is 3

bash-3.2$ sudo ./setup install caller=ETRDIR env=all verbose-------------------- with "root" user

Password:

[CAPKI] Parameters: mode=install, caller=ETRDIR, instdir=, env=all, verbose=true

[CAPKI] This installer contains CAPKI Version 4.2.9

[CAPKI] Using install directory as specified by CASHCOMP

[CAPKI] Installation directory: /opt/CA/SharedComponents/CAPKI

[CAPKI] Checking for Permissions

[CAPKI] Proper permissions are set for installation directory

[CAPKI] Disk space is available

[CAPKI] Existing Version RV=2

[CAPKI] Existing installation of CAPKI found: Version 4.2.9

[CAPKI] Updated installed files log: /opt/CA/SharedComponents/CAPKI/Linux/x86/32/files.dat

[CAPKI] CAPKI Install Successful, return Value is 0

Are you able to find that setup file in the CAPKI directory to give the execute bit to like it says in the TEC note?

What version of CA directory are you attempting to put on. r12 sp18?

yes, capki was present under /mnt/disk/linux_86 folder, so we copied it to /apps/CA/Directory folder and executed.

we are using CA Directory r12 sp14,anyway I have resolved this issue by adding smuser and dsa user in same group.

Thank you for your help.