Symantec Privileged Access Management

  • 1.  Linux endpoint not reporting to DH__WRITER

    Posted Sep 29, 2017 05:46 PM

    Hi, I am installing a Linux endpoint agent for PIM. The installation finishes correctly, but when uploading the service with the ./seload command and consulting the PIM console, the endpoint is not reported. Validating the policyfetcher.log, I noticed that it cannot connect when running the following command.

    trying to connect to host "DH__WRITER@192.168.30.25"

    failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying..

     

    Validating port permissions for 8891 and 61616, these are open and enabled. The architecture is implemented on 2 servers: Enterprise Management is the server 192.168.30.25 and the Distribution Server is 192.168.30.26.

     

    All the policyfetcher.log records are:

     

    10:31:45@Sep 28 2017 - policyfetcher initialized successfully.
    10:31:45@Sep 28 2017 - Starting policyfetcher loop...
    10:31:45@Sep 28 2017 - adding "DH__@192.168.30.25" to DH list
    10:31:45@Sep 28 2017 - Start checking for variables changes ...
    10:31:45@Sep 28 2017 - INFO : UNAB is not installed.
    10:31:45@Sep 28 2017 - Start sending heartbeat...
    10:31:45@Sep 28 2017 - Scanning DH list, round #1
    10:31:45@Sep 28 2017 - trying to connect to host "DH__WRITER@192.168.30.25"
    10:32:48@Sep 28 2017 - failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying...
    10:32:48@Sep 28 2017 - Going to sleep 60 seconds ... (non abortable)
    10:33:48@Sep 28 2017 - trying to connect to host "DH__WRITER@192.168.30.25"
    10:34:51@Sep 28 2017 - failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying...
    10:34:51@Sep 28 2017 - Going to sleep 60 seconds ... (non abortable)
    10:35:51@Sep 28 2017 - trying to connect to host "DH__WRITER@192.168.30.25"
    10:36:54@Sep 28 2017 - failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying...
    10:36:54@Sep 28 2017 - Going to sleep 60 seconds ... (non abortable)
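
For triage of a log like the one in the post above, the following added example (not part of the original post, and not vendor code) summarizes failed DH connections per target. The function name and the sample text are assumptions made for illustration; the line layout is taken from the excerpt.

```python
import re
from datetime import datetime

# Constructed sample, shaped like the policyfetcher.log excerpt in the post above.
SAMPLE_LOG = '''\
10:31:45@Sep 28 2017 - Scanning DH list, round #1
10:31:45@Sep 28 2017 - trying to connect to host "DH__WRITER@192.168.30.25"
10:32:48@Sep 28 2017 - failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying...
10:32:48@Sep 28 2017 - Going to sleep 60 seconds ... (non abortable)
10:33:48@Sep 28 2017 - trying to connect to host "DH__WRITER@192.168.30.25"
10:34:51@Sep 28 2017 - failed to connect to host "DH__WRITER@192.168.30.25" (10071), retrying...
'''

# "HH:MM:SS@Mon DD YYYY - message" is the layout seen in the excerpt.
LINE_RE = re.compile(r'^\s*(\d{2}:\d{2}:\d{2}@[A-Za-z]{3} \d{1,2} \d{4}) - (.*)$')
TRY_RE = re.compile(r'^trying to connect to host "([^"]+)"')
FAIL_RE = re.compile(r'^failed to connect to host "([^"]+)" \((\d+)\)')


def summarize_dh_failures(log_text):
    """Per DH target: failure count, error codes, seconds from attempt to failure."""
    pending = {}  # target -> timestamp of the attempt still awaiting a result
    stats = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip blank or differently shaped lines
        ts = datetime.strptime(m.group(1), "%H:%M:%S@%b %d %Y")
        msg = m.group(2)
        attempt = TRY_RE.match(msg)
        if attempt:
            pending[attempt.group(1)] = ts
            continue
        failure = FAIL_RE.match(msg)
        if failure:
            target, code = failure.group(1), int(failure.group(2))
            entry = stats.setdefault(target, {"failures": 0, "codes": set(), "waits": []})
            entry["failures"] += 1
            entry["codes"].add(code)
            started = pending.pop(target, None)
            if started is not None:  # a failure with no logged attempt has no wait
                entry["waits"].append(int((ts - started).total_seconds()))
    return stats


if __name__ == "__main__":
    for target, e in summarize_dh_failures(SAMPLE_LOG).items():
        print(target, "failures:", e["failures"], "codes:", sorted(e["codes"]), "waits (s):", e["waits"])
```

On the sample, every attempt takes 63 seconds before the failure is logged, so the waits column separates attempts that hang for about a minute from ones that fail immediately.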



  • 2.  Re: Linux endpoint not reporting to DH__WRITER
    Best Answer

    Posted Oct 06, 2017 04:56 PM

    Hi Julian, this may be an issue between the endpoint and the ENTM or DS due to using different encryption keys or methods. Check the encryption on both ends by running

    ls -la libcrypt

    in the /opt/CA/AccessControl/lib folder and see where it's pointing.

    For Windows, check the registry setting:


    HKEY_LOCAL_MACHINE\Software\ComputerAssociates\AccessControl\EncryptionPackage

     

    On ENTM, use the selang 'hosts' command to try to connect to the endpoint. If you get an error as below:

    ERROR:Connection Failed

    ERROR : Unpackaging of data failed

    Then it is an encryption problem; use the sechkey utility as described in the documentation link below:

     

    sechkey Utility Change a Symmetric Encryption Key - CA Privileged Identity Manager - 12.9.01 - CA Technologies Documenta…