I am working on upgrading from CA Siteminder R 12.52 SP 1 CR 05 to CA SSO 12.8. In the process, I exported policystore objects and keys from current live environment (CA Siteminder R 12.52 SP 1 CR 05) using XPSExport -xb policystore_r1252.xml -npass.
By mistake, I did an XPSImport on the live environment instead of duplicate policy store. After importing, I was able to login to Admin UI but lost Super User permissions to admin UI with error message "Unable to establish administration context".
I tried to re-register the Super User following the link https://comm.support.ca.com/kb/steps-to-reregister-admin-ui/kb000009742 (followed every step in sequence) but now I am not able to register the user against policy server.
Below are the errors from log snippet.
Smps.log:
[2658/-260588688][Fri May 17 2019 16:06:44][XPSSecurity.cpp:718][ValidateAdmin][ERROR][sm-xpsxps-04390] Unable to establish administration context.
[2658/4097317744][Fri May 17 2019 16:06:44][CServer.cpp:1922][ERROR][sm-Server-01060] Handshake error: Unknown client name 'carc-vsmps01__0' in hello message
[2658/4097317744][Fri May 17 2019 16:06:44][CServer.cpp:2016][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3160
[2658/4097317744][Fri May 17 2019 16:06:44][CServer.cpp:2037][ERROR][sm-Tunnel-00100] Handshake error: Bad hostname in hello message
[2658/4097317744][Fri May 17 2019 16:06:44][CServer.cpp:2188][ERROR][sm-Server-01070] Failed handshake with ::ffff:128.11.138.201:40026
Second attempt onwards, I get this error.
[2658/-323527824][Fri May 17 2019 16:19:44][XPSRegService.cpp:544][Error][ERROR][sm-xpsxps-07270] No registration on file.
[2658/-281568400][Fri May 17 2019 16:19:44][XPSSecurity.cpp:718][ValidateAdmin][ERROR][sm-xpsxps-04390] Unable to establish administration context.
Admin UI Log:
16:05:51,210 INFO [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221053)] Started in 1m:10s:671ms
16:08:09,594 ERROR [BootstrapRegistrationCommand] Registration for 'siteminder' failed
16:08:09,595 ERROR [Bootstrap] Failed to establish trust with the Policy Server, use 'XPSExplorer' on the Policy Server to clean up CA.SM::TrustedHost and CA.SM::Admin objects
16:08:12,955 ERROR [BootstrapRegistrationCommand] Registration for 'siteminder' failed
16:08:12,955 ERROR [Bootstrap] Failed to establish trust with the Policy Server, use 'XPSExplorer' on the Policy Server to clean up CA.SM::TrustedHost and CA.SM::Admin objects
I would like to know what can be done to restore the live system back.
We are running the policystore on CA LDAP (CA Directory R12 SP18) and I have a full backup of the LDAP data taken prior to XPSImport. Will restoring the policystore LDAP with the backup LDIF file bring back the system to original state?
Thanks,
Krishna