We are doing an upgrade; currently we have r12, moving to 12.52 SP2.
Unfortunately, we don't know the value of our existing dev R12 Policy Server encryption key. To test the procedure, I built an R12 test environment.
Here are a few steps that I took:
1. Copy encryption.txt from dev r12 and paste it into the test environment
2. Copy the registry value of the encryption key.
3. smreg super user on test
4. XPSregclient on test
Now I am getting the following error messages in smps:
4880/4612][Thu Nov 03 2016 13:40:19][CServer.cpp:1740][ERROR] Bad security handshake attempt. Handshake error:
[4880/3900][Thu Nov 03 2016 13:41:19][CServer.cpp:1751][ERROR] Handshake error: Shared secret incorrect for this client
[4880/3900][Thu Nov 03 2016 13:41:19][CServer.cpp:1913][ERROR] Failed handshake with 159.******:53605
[4880/2684][Thu Nov 03 2016 13:41:23][PolicyCache.cpp:1211][INFO] Building policy cache ...
[4880/2684][Thu Nov 03 2016 13:41:24][PolicyCache.cpp:1304][INFO] Building policy cache done
[4880/4992][Thu Nov 03 2016 13:41:31][SmDsLdapConnMgr.cpp:883][ERROR] SmDsLdapConnMgr Bind. Server xxxxxxx Error 48-Inappropriate authentication
Also, I am unable to log in to the WAM UI as well.
What you are doing by replacing the EncryptionKey.txt is basically resetting it.
There is a whole lot of process you need to follow when you reset the encryption key.
Refer to this:
You will need to perform all the steps mentioned in this guide except step 5 (smreg -key), as this is the same as copying the EncryptionKey.txt file.
Thanks for pointing me in the right direction.
I will update the blog once resolved.
Please note, there is a known issue in the r12.0 version where the clear text export of the keys does NOT work.
If you need to migrate the key store to the new environment as well, then you have two options:
1. Get a dev fix from CA for clear text export of the key store
2. Copy the key store data manually to the new key store.
Due to some corruption in our existing dev policy store, we are unable to take XPSexport. Instead we used smobjexport. Is there any KB document available on how to copy the key store data manually?
Hmm, this is LDAP/RDBC specific.
Have a read through this:
This should give you an idea
I have successfully tested the resetting of encryption key in our test environment.
We do not have the value of our existing dev environment encryption key. I can always use the practice I did, but at the end of the day we still do not know the encryption key. In order to add a 12.52 SP2 Policy Server to the mix, we are going to reset the key on r12 (dev). Let's see how that goes.
That's good news. Keep us posted.
Maybe this would help?:
Reset the r6.x Policy Store Encryption Key