Symantec Access Management

We have a SiteMinder environment running in production.
We have an active federation that we need to disable to edit some parameters.
The problem is that the federation refuses to stay in an inactive state.

Policy Server: Version 12.52; Update: 01.00; Build: 499; CR: 00;

Test
- We access Federation -> Partnership Federation -> Partnerships
- Select the federation, named "365SSO-net" -> Action -> Deactivate
- A message pops up asking "Are you sure you want to deactivate the selected partnership?" click yes.
- The federation is still in Active state.

The following log can be seen in smps.log

[9108/8172][Mon Oct 02 2017 14:02:42][WSFEDIPToRPPartSvc.cpp:1502][WSFEDIPToRPPartSvc::setDeactivated][ERROR][sm-xobfed-00440] Property section for activated partnership does not exist.
[9108/8172][Mon Oct 02 2017 14:02:42][WSFEDIPToRPPartSvc.cpp:1586][WSFEDIPToRPPartSvc::setDeactivated][ERROR][sm-xobfed-01410] setDeactivated failed!.

1. How can we resolve this?
2. We'll upgrade the Policy Server, and we need to know how can we check the consistency of the database for another errors?

Hi, I would recommend opening a support ticket for this as there will need to check your policy store.

Are you seeing in the smps.log "Assert failed" entries?

That is a sign that some expected records are not found.

See if you can run XPSExport -xb export.xml and export successfully.

If you can, you will need to provide that when you open a support ticket.

If you fail to export, you will also need to share your XPSExport.log file.

If your policy store is LDAP, you should provide ldif export.

That way, support may be able to find which objects are missing and what actions can be taken.

I echo Kim.

From that particular error, it seems that it is unable to find attribute "CA.SM::WSFEDIdP" .

That is not right and indicate problem with policy store which needs deeper look at your environment.