Symantec Access Management

Expand all | Collapse all

Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

Legacy User

Legacy UserSep 11, 2017 01:41 PM

  • 1.  Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 01:27 PM

    Hi,

     

    I am receiving " Corrupted buffer returned from server " while creating user from Identity Manager.

     

    On Anlyzing siteminder below is my finding , can anyone help me to solve this 

    I have checked and found Agent Discovery feature is set 0 

     

    SMPS log

    [31299/140557619812096][Mon Aug 21 2017 13:13:46][IMS6DsLdapProvider.cpp:6178][ERROR][sm-log-00000] (CIMSDsLdapProvider::ConstructDN) Failed to fetch attribute : '%USER_ID%' from the metadata.

    [31299/140557619812096][Mon Aug 21 2017 13:13:46][IMS6DsLdapProvider.cpp:6280][ERROR][sm-log-00000] (CIMSDsLdapProvider::ConstructDN) Failed to construct DN

    [31299/140557619812096][Mon Aug 21 2017 13:13:46][IMS6DsLdapProvider.cpp:3182][ERROR][sm-log-00000] (CIMSDsLdapProvider::ValidateIMSUserNewPassword) Invalid DN constructed using the org dn and user id [31299/140557619812096][Mon Aug 21 2017 13:13:46][MarshalUtils.cpp:875][ERROR][sm-log-00000] SmImsCommand (returnPasswordErrorMsg) - The SmPasswordMsgReader could not parse the message

     

    Smtracedefault.log

    [08/21/2017][13:13:46.491][13:13:46][31299][140557619812096][IMS6DsLdapProvider.cpp:6178][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-log-00000] (CIMSDsLdapProvider::ConstructDN) Failed to fetch attribute : '%USER_ID%' from the metadata.]

    [08/21/2017][13:13:46.491][13:13:46][31299][140557619812096][IMS6DsLdapProvider.cpp:6280][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-log-00000] (CIMSDsLdapProvider::ConstructDN) Failed to construct DN]

    [08/21/2017][13:13:46.491][13:13:46][31299][140557619812096][IMS6DsLdapProvider.cpp:3182][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-log-00000] (CIMSDsLdapProvider::ValidateIMSUserNewPassword) Invalid DN constructed using the org dn and user id]

    [08/21/2017][13:13:46.491][13:13:46][31299][140557619812096][MarshalUtils.cpp:875][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-log-00000] SmImsCommand (returnPasswordErrorMsg) - The SmPasswordMsgReader could not parse the message]



  • 2.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 03:49 PM

    Is your policy store CA directory? If yes what version?

    What is PS version? Including CR?



  • 3.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 03:59 PM

    Hi Ujwol,

    Yes Policy Store is CA Directory 
    CA Directory 12.6.00 (build 14043) 
    PS version - 12.7 
    IM version - 14.0.1 

    Regards
    Mohd Ossama Lari



  • 4.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 04:55 PM

    Hi Mohd Ossama Lari,


    I suggest opening a ca support ticket.

    This looks similar to an exixsting issue we are working on at the moment.


    You can ask the engineer to refer to me for more details.


    Regards,

    Ujwol



  • 5.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 05:11 PM

    Hi Ujwol,

     

    Thanks for sharing the information.
    I have already opened a support case 00823619 on 21st but not got any reply yet .

    it will be great , if you can help me with this .

    Regards
    Mohd Ossama Lari  



  • 6.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 24, 2017 05:49 PM

    Sure Lari, I will check with the engineer and also review the case.



  • 7.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server
    Best Answer

    Broadcom Employee
    Posted Aug 24, 2017 11:38 PM

    Hi Mohd,

     

    Did you make any changes to the environment recently ? like 

    - upgrading Siteminder/IDM ? 

    - Re-pointing IDM to a newly built Siteminder environment ?

    - Migrating Policies from one environment to other ? Did you even try to delete/modify Policy objects using XPS tools ?

    - this behavior is even noticed, if you restart IDM while SM is down and bring up SM later.

     

    From my past experience, there are 2 ways to resolve this issue. 

    1. If there were no changes made to the environment and issue has been occurring intermittently then Restarting of IDM and SM in the below sequence may resolve this issue.

            --> Restart SM first

            --> Then Restart IDM

    Chances are very little with this option #1, but it's worth to try it out, if you haven't done already.

     

    2. If there were changes made to the environment like upgrade or policy migration etc, then dropping and re-creating the IDM IME's and Directories is only available option.

    Note:

    - I would suggest to have this as a last option, if support team is not able to identify the root cause.

    - This worked for me with SSO 12.52 SP1 CR06 & IDM 12.6.8

    - I see you are in the latest version of IDM and SSO products, there might have been improvements made in these versions to take care of this scenario.

     

    If this is a pre-prod environment and you still want to give it a try with the option#2, then here are the high-level steps:

    Make sure that you have necessary backup's, in case of rollback or failure.

    1. IDM objectstore backup at DB level

    2. IME's and Directories backup by exporting it through IDM Management console

    3. IDM Specific Configuration changes ( eg: SelectBox data, workflow...etc) which are not getting exported as part of IME's

    4. Policy Store, you may use XPSExport option.

    5. SSO Side -->  capture screen prints or make a note of assigned Autheschemes's, Password Policies, any custom responses....etc. (suggest to export the password policies separately and keep it ready for re-import post IME recreation, as IME deletion will delete Password polices too). If your environment's password policies are basic and simpler to create it manually then you can ignore this additional backup. 

     

    Actual Steps start here:

    6. Keep only one Policy Server up and running(stop others) and delete IME's (which ever is having trouble) first and then  corresponding Directories.

    7. On Policy server side, make sure that corresponding Domain and Directories are getting deleted successfully. Most of the time, though it is getting deleted successfully on the AdminUI GUI some of the Objects would still remain in Policystore and give trouble while re-importing back the IME's and Directories.

    8. Restart the IDM servers post deleting IME's and Directories.

    9. Try to Re-import the Directories from step#2 and them IME's. Follow the below KB article if you run into any errors while re-importing. 

    PostCreate errors when creating new directories or environments on Identity Manager after upgrading SiteMinder policy se… 

    10. On successful re-import, make sure that required Domain's and user Directories have been created on SSO side and then Start the IME's and remaining Policy servers.

    11. You may want to take care of Authscheme's and password policies on SSO side.

    12. If everything is back up and IME's are accessible then verify the critical use cases and make sure everything is working as expected. Also remember to take care of SelectBox data and workflow's (if any).

     

    Hope this helps.

     

    Thanks

    Ashok



  • 8.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 25, 2017 11:57 AM

    Hi Ashok,

    I have already tried step 1 and 2 , but didn't solve the issue .

    Just adding more details we have 4 IME in identity manager and 3 different directory .
    2 IME is pointing to same directory, one of this is showing issue other one is working fine .

    Regards
    Mohd Ossma Lari



  • 9.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 27, 2017 09:09 PM

    Hi Mohd,

     

    I know we have provided fix for your other issue 00814588.

    Once you apply the fix (specifying write-precedence for router ), let see if that makes any difference to this case.

     

    Regards,

    Ujwol



  • 10.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 28, 2017 10:48 AM

    Hi Ujwol,

    That fix is for cluster environment , where we have multiple policy store .
    This issue is coming in Single Node environment . in this envrionement every component have single node only.
    even in our other environment( single node env with same version), user creation is working fine.  

    Regards
    Mohd Ossma Lari



  • 11.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Aug 28, 2017 12:40 PM

    Ah ok. Thanks for clarification. I will have a relook at it today then.



  • 12.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Broadcom Employee
    Posted Sep 08, 2017 04:02 PM

    Hi Mohd,

     

    Has this issue been resolved ? if yes, what was the fix ?

     

    Thanks

    Ashok



  • 13.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Sep 11, 2017 04:08 PM

    HI Ashok,

     

    Issue is resolved below is the steps performed .

     

    1.) Deleting the IDM environment where IDM user existed.
    2.) Deleting the associated SiteMinder objects using SiteMinder adminui.
    3.) Running XPSSweeper
    4.) Running XPSDDInstall commands for both SiteMinder and IDM libraries.
    5.) Flushing caches in the adminui.
    6.) Recreating the IDM user.

     

    Thanks and Regards
    Mohd Ossama Lari



  • 14.  Re: Failed to execute CreateUserEvent. ERROR MESSAGE: Corrupted buffer returned from server

    Posted Sep 11, 2017 01:41 PM

    This is very useful. Thanks.