Patrick-Dussault

Tech Tip : CA Single Sign-On : Policy Server :: The Last Key decoded to Null from the Keystore

Discussion created by Patrick-Dussault Employee on Jul 6, 2017

Issue:

 

We're running several Policy Servers in Production. After changing the Encryption Key, one of the Policy Servers started suddenly to give errors in the smps.log :

[ERROR] The last key decoded to null from the keystore

[ERROR] Failed to generate agent key update commands


How can we solve this problem ?

 

Cause:

 

The Reason for these error messages is that the Encryption Key isn't the same across Policy Servers in your environment.

 

Resolution:

 

To resolve this issue, choose one of the following:


From SMCONSOLE -> Keys tab:

 

- Select Encrypt Keys Using Policy Store Encryption Key

 

or

 

- Uncheck "Encrypt Keys Using Policy Store Encryption Key"

and set the Policy Store key and manually enter the value in the two dialog boxes

 

Make sure that all Policy Servers are configured the same way in your Environment.

 

KB : TEC565906

Outcomes