Symantec Access Management

Expand all | Collapse all

[[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

  • 1.  [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Aug 09, 2012 06:25 PM
    I am unable to login to the Administrative UI after install. A message saying "Error: null" pops up but won't log me in.

    I found this error in the JBoss server.log file:
    [[iam/siteminder]] Failed to start the SiteMinder Admin Directory

    I have tried re-running XPSRegClient and restarting everything, but the error persists.


  • 2.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Broadcom Employee
    Posted Aug 10, 2012 07:04 AM
    Hi brettcarroll,

    can you provide some more information?
    1) Policy server version and CR number?
    2) Did this ever work at all?
    3) Are you using an external admin store or the policy store as the admin store?
    4) What is the type and version of your policy store?
    5) any errors in the policy server smps.logs?
    6) The Jboss application server you are using is that the one installed by SiteMinder pre-admin installer or was this a separate install you put in place?
    7) Please upload installation log files and Jboss full log file to posting for review.


    Once we have some more information we will be better able to help you out.

    hope this helps

    gene


  • 3.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Aug 10, 2012 10:13 AM
    1. Version is r12 SP3.
    2. It did work, then I setup an LDAP user directory and forgot to create a new administrator, so I was locked out. I tried a couple things then just uninstalled and re-installed everything (Policy Server and Admin UI).
    3. This is a fresh install (never logged into the Admin UI), so it is using the policy store as the admin store.
    4. The policy store is a Microsoft SQL 2005 database
    5. No errors in smps.log
    6. Jboss is the default install that comes with the Admin UI PreRequisite Installer
    7. I will try to upload the logs... One interesting error message in the Jboss log is:
    ERROR [PartitionLoader] The administrator directory could not be initialized, administrator records will be unavailable until the context is restarted


  • 4.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Broadcom Employee
    Posted Aug 10, 2012 10:28 AM
    Hi brettcarroll,

    it sounds like the problem is your policy store still has the old information in it.
    When you uninstalled everything and reinstalled it did you drop your database and create a new one using the SQL scrtips?
    If you did not do this step I would do this and then try re-registering your adminui and I think you should be all set.

    If that does not correct the issue I would suggest you open a case with support as they will need to dig deaper into the issue than we can probably do here.

    hope this helps

    gene


  • 5.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Aug 10, 2012 11:49 AM
    I deleted the database before the re-install.

    I am getting an error that says "Read Trusted Hosts FAILED", when I run XPSRegClient.


  • 6.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Broadcom Employee
    Posted Aug 10, 2012 12:11 PM
    Hi brettcarroll ,

    a log file was created when you ran the xpsregclient. Can you post there here?

    If you did not use the -vT for tracing when doing the registration please do it again using that switch

    Thanks

    gene

    Reset the Administrative UI Registration Window
    If you used the XPSRegClient utility more than 24 hours ago to submit the SiteMinder super user credentials to the Policy Server, this step is required. The time from which you submit the credentials and attempt to create a trusted relationship with a Policy Server cannot exceed 24 hours.

    Note:(UNIX) Be sure that the SiteMinder environment variables are set before you use XPSRegClient. If the environment variables are not set, set them manually.
    To reset the registration window

    Log into the Policy Server host system.
    Run the following command:
    XPSRegClient siteminder_administrator[:passphrase] -adminui-setup -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE -vF

    siteminder_administrator
    Specifies a SiteMinder administrator. If you are installing the Administrative UI as part of:

    A new r12.0 SP3 environment, specify the default SiteMinder administrator account (siteminder).
    An upgrade, specify any SiteMinder administrator account with super user permissions in the policy store.
    Note: If you are upgrading from r12.0 SP1 and do not have a super user account in the policy store, use the smreg utility to create the default SiteMinder account.

    passphrase
    Specifies the password for the SiteMinder administrator account.

    Note:If you do not specify the passphrase, XPSRegClient prompts you to enter and confirm it.

    -adminui-setup
    Specifies that the Administrative UI is being registered with a Policy Server for the first–time.

    -t timeout
    (Optional) Specifies the allotted time from when you to install the Administrative UI to the time you log in and create a trusted relationship with a Policy Server. The Policy Server denies the registration request when the timeout value is exceeded.

    Unit of measurement: minutes

    Default: 1440 (24 hours)

    Minimum limit: 1

    Maximum limit: 1440 (24 hours)

    -r retries
    (Optional) Specifies how many failed attempts are allowed when you are registering the Administrative UI. A failed attempt can result from submitting incorrect SiteMinder administrator credentials when logging into the Administrative UI for the first–time.

    Default: 1

    Maximum limit: 5

    -c comment
    (Optional) Inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -cp
    (Optional) Specifies that registration log file can contain multiple lines of comments. The utility prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -l log path
    (Optional) Specifies where the registration log file must be exported.

    Default: siteminder_home\log

    siteminder_home

    Specifies the Policy Server installation path.

    -e error path
    (Optional) Sends exceptions to the specified path.

    Default: stderr

    -vT
    (Optional) Sets the verbosity level to TRACE.

    -vI
    (Optional) Sets the verbosity level to INFO.

    -vW
    (Optional) Sets the verbosity level to WARNING.

    -vE
    (Optional) Sets the verbosity level to ERROR.

    -vF
    (Optional) Sets the verbosity level to FATAL.

    Press Enter.
    XPSRegClient supplies the Policy Server with the administrator credentials. The Policy Server uses these credentials to verify the registration request when you log into the Administrative UI for the first–time.


  • 7.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory
    Best Answer

    Posted Aug 10, 2012 02:14 PM
    Thanks for the help! I got it figured out!

    The error I was seeing in XPSRegClient is "Read Trusted Hosts FAILED".
    Support had me run XPSExplorer command and there were only 2 menu options (should be a lot of menu options). I also got an error saying "no policy objects found".

    I re-installed the Policy Server to a new database and successfully ran
    XPSRegClient siteminder -adminui-setup -vT
    and was able to login as the siteminder account.


  • 8.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Sep 10, 2012 12:52 PM
    I got this issue resolved in my test environment by re-installing the Policy Server...

    Now I am moving to Production and am getting the same error "ERROR [[iam/siteminder]] Failed to start the SiteMinder Admin Directory" and the same results from XPSExplorer.

    I cannot reinstall the Policy Server in production... Any ideas?


  • 9.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Sep 21, 2012 02:19 PM
    Here is the logfile contents:
    [23588/1][Fri Sep 21 2012 14:12:02][CA.XPS:UTIL0041][INFO] Command Line: ./XPSRegClient siteminder -adminui-setup -vT
    [23588/1][Fri Sep 21 2012 14:12:08][CA.XPS:INIT0015][INFO] Initializing XPS Version 12.0.0305.427
    [23588/1][Fri Sep 21 2012 14:12:08][smdefs.cpp:490][INFO] Loaded SmIdentity Library
    [23588/1][Fri Sep 21 2012 14:12:09][smldaputils.cpp:371][INFO] Opening policy store connection to LDAP server: ' ***.***.***.***:1389 '
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:LDAP0023][INFO] LDAP Provider Info String = Default LDAP
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedLDAPVersion = 2
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedLDAPVersion = 3
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:LDAP0019][INFO] LDAP Provider Vendor: vendorName = XXXXXXXXXXXXXX
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:LDAP0018][INFO] LDAP Provider Version: vendorVersion = XXXXXXXXXXXXXX
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:XPSIO039][INFO] Database Transactions are OFF.
    [23588/1][Fri Sep 21 2012 14:12:09][CA.XPS:XPSIO007][INFO] 1 Parameter(s) loaded from Policy Store, 1 total.
    [23588/1][Fri Sep 21 2012 14:12:11][CA.XPS:XPSIO008][INFO] 1223 object(s) loaded from the Policy Store.
    [23588/1][Fri Sep 21 2012 14:12:11][CA.XPS:XPSIO026][INFO] Policy Store ID is "8c950674-cf22-1002-9f2c-83c52f450000".
    [23588/1][Fri Sep 21 2012 14:12:11][CLicense.cpp:150][INFO] Returning from GetLicenses, license bits = 0
    [23588/1][Fri Sep 21 2012 14:12:11][CA.XPS:AUDIT012][INFO] XPS Auditing is enabled.
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjProvider.cpp:268][INFO] Initializing policy store provider 'LDAP:'
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjProvider.cpp:307][INFO] Loading of policy store provider extension DLL: 'smobjldapims' succeeded.
    [23588/1][Fri Sep 21 2012 14:12:11][SmEventTrap.cpp:366][INFO] Loading event handler '/opt/ca/siteminder/lib/libXPSAudit.so'
    [23588/1][Fri Sep 21 2012 14:12:11][SmEventTrap.cpp:380][INFO] Initializing event handler '/opt/ca/siteminder/lib/libXPSAudit.so'
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjStore.cpp:1216][INFO] Initializing Global Domain ID
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjStore.cpp:1255][INFO] BulkFetch policy store
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjCache.cpp:233][INFO] Preloading policy store cache
    [23588/1][Fri Sep 21 2012 14:12:11][SmObjCache.cpp:252][INFO] Precaching system configuration objects
    [23588/1][Fri Sep 21 2012 14:12:37][SmObjCache.cpp:464][INFO] Precaching each Policy Domain
    [23588/1][Fri Sep 21 2012 14:12:37][PolicyCache.cpp:1202][INFO] Building policy cache ...
    [23588/1][Fri Sep 21 2012 14:12:37][PolicyCache.cpp:1295][INFO] Building policy cache done
    [23588/1][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:1267][INFO] BulkRelease policy store
    [23588/1][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:1305][INFO] Object store initialized
    [23588/6][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:932][INFO] Starting object store journal thread
    [23588/7][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:444][INFO] Object store journal thread started
    [23588/7][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:445][INFO] Journal commands refresh interval is 60 second(s)
    [23588/7][Fri Sep 21 2012 14:12:37][SmObjStore.cpp:446][INFO] Server command synchronization delta is 0 second(s)
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:EDIT0056][INFO] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:XPSSTOP1][INFO] Shutting down XPS...
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:XPSSTOP2][INFO] Shutting down XPS housekeeping...
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:XPSSTOP1][INFO] Waiting for Background threads to shutdown...
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:XPSSTOP3][INFO] Releasing XPS configuration cache...
    [23588/1][Fri Sep 21 2012 14:12:37][CA.XPS:XPSSTOP4][INFO] Releasing XPS policy data cache...
    [23588/1][Fri Sep 21 2012 14:12:38][CA.XPS:XPSSTOP6][INFO] Releasing SiteMinder object store connection to XPS...
    [23588/1][Fri Sep 21 2012 14:12:39][SmObjStore.cpp:1388][INFO] Object store released
    [23588/1][Fri Sep 21 2012 14:12:39][CA.XPS:XPSSTOP7][INFO] Releasing XPS audit connection...
    [23588/1][Fri Sep 21 2012 14:12:39][CA.XPS:XPSSTOP9][INFO] XPS Shutdown Complete.


  • 10.  RE: [[/iam/siteminder]] Failed to start the SiteMinder Admin Directory

    Posted Sep 21, 2012 04:09 PM
    see this line ?

    Policy Store ID is "8c950674-cf22-1002-9f2c-83c52f450000".

    that ID is unique.

    now since you already generated a new "WAM UI" reg file (more about it later), i assume you already tried to login to the WAM UI again. if that the case, grep this from your smps.log

    grep "Failed to establish a Security" smps.log

    then compare the alpha numeric string w/ the policy store ID above. does it match?

    also grep this

    grep "Policy Store ID is" smps.log

    and check to see if the value return match, if not, when was that (not sure how far back you save the smps.log)

    About the "WAM UI" reg file. Whenever you use the XPSRegClient to setup Trusted Host for WAM UI, a file with a format of <id>.XPSReg is created in /hosting/products/siteminder/ps/bin/ directory. various notes from the user guide indicated this is a temporary file that SM use to connect and establish the WAMUI trusted host. By default, this file is valid for 24 hrs period. you can save that file and re-run without running another ./XPSRegClient siteminder -adminui-setup -vT

    anyway, check to see if you have the string ""Failed to establish a Security" in smps.log when you fire up the browser and attempt to log into the WAM UI the first time and we will go from there.

    T.