Symantec Access Management

Hi All,

I have recently upgraded policy server from 12.6 to 12.7 version in multiple servers and everything is working fine in all the policy servers except one server where authentication is failing with the below errors.

Initialized authentication scheme [AUTHENTICATION_SCHEME_NAME]

[ERROR][sm-Ldap-02230] Error# '87' during search: 'error: Bad search filter' Search Query = 'p▒▒=*'

[ERROR][sm-Ldap-00830] (GetUserProp) DN: 'CN=testuser,OU=USERS,DC=i,DC=test,DC=com', Filter: 'p▒▒=*' . Status: Error 87 . Bad search filter

I am getting the above errors in smps.log & smtracedefault.log. I have checked the directory and authentication scheme configuration and they are looking good. The search filter and root DN etc are looking good and we haven't changed these configurations as well during the upgrade.

I am able to view the directory content from WAM UI as well. The logs don't suggest anything else except the above logs

Can you please let me know what filter it is referring to? Looks like it is corrupted as I see the junk values in the filter it is printing in the logs.

Any quick help is greatly appreciated. Thank you.

Thanks,

Gopi

Can we see the Policy Object in Policy Store (either using XPSExplorer or WAMUI) and check if the Policy Object / Response value is still intact during the Policy Store upgrade. I know you said it is just one Policy Server, but you never know until you dig deep, whether that Policy Server is only getting the request and hence the error.

Hi Dennis,

Thank you for your reply. I have checked the policy objects via WAM UI & Policy Reader, they are looking good.

Thanks,

Gopi.

What happens if we shutdown this one faulty printing Policy Server and allow the request to go through other Policy Servers in the Cluster. If the flow works, then it is definitely something on this Policy Server. May be if that happens we could take further actions e.g.

• Compare working and non working Policy Server.
• Opt for reinstall the faulting Policy Server on the one box.