We have built a new policy-server 12.7. This policy-server is imported with 12.0 policy-store data. Admin-ui is installed on a separate server and registered with this policy-server where the old store data can be seen.
However, when I click on "View user directory", I see Error: [general]: couldn't contact user directory.
Is there any setting in the registry or any configuration setting I am missing that needs to be done? Please suggest.
Edit the user directory, re-enter the administrator credentials, and see how it works.
Were you able to connect to the User Directory externally (like JXplorer)?
The reason is you have specified a different ENCRYPTION KEY in R12.7. As Shankar mentioned, retype the password and the password will be stored in the policy store (encrypted using the R12.7 ENCRYPTION KEY).
I am seeing this error in the smps.logs:
[1952/140681116907264][Wed Jan 10 2018 11:28:49][SmDsLdapConnMgr.cpp:729][ERROR][sm-Ldap-01320] (SmDsLdapConnMgr(Bind): SSL client init failed in LDAP Initialization). Server svsw0005.statestr.com : 2636, Cert DB:
Ahh, SSL. We haven't set up the cert8.db and defined it in smconsole.
I was using the wrong options to convert into cert8.db. Now, using the command below, it converted into cert8.db:
certutil -N -d certificate_database_directory
I configured smconsole to use this file. Using admin-ui, I am able to see the directories now.
I am trying to figure out creating administrators now.
In FSS ui, in the old 12.0 store, there are a bunch of administrators. These administrators don't show up in the new admin-ui. XPSImport should have taken care of it, or since they are admins, they don't get created?
These admins got created using the "external Directory" option in fss ui by giving the user directory and authentication scheme option.
What is the equivalent way of doing this in admin ui? Should I use the "create legacy administrator" option? I used that option and created the administrator. I can find this user in the dir. Once this user was created, I wanted to use this admin user to log in to admin-ui. No luck doing so. I am using the siteminder account so far to log in to admin-ui.
How should I create administrators in the admin ui so I can use them to log in to admin ui instead of using the siteminder account?
Please open a new thread for a new question.
I believe using the "certutil -N -d certificate_database_directory" command just created the certdb and you added the ldap ssl certs explicitly to it using the "certutil -A" switch?
No, I didn't add ldap ssl certs explicitly using certutil -A. I took the cert7.db file from the existing 12.0 server and just converted it using the command
certutil -N -d certificate_database_directory
Is there any way I could verify if cert8.db file generated is correct?
Are there any more steps to it that I didn't do?
Doesn't look right. The "-N" switch just creates the cert8 db. It won't add your ldap certs automatically into it.
To verify the certs present in the certdb you can run:
certutil -L -d certificate_database_directory
Configure an LDAP User Directory Connection over SSL - CA Single Sign-On - 12.7 - CA Technologies Documentation
That is correct, Ujwol.
You have two options.
Option-A: Create a new Cert8.db and manually import the certs.
Option-B: Which Makesh already suggested. Here is the link for that. This will convert.
Can you please mark Makesh's answer as correct and unmark my answer. The issue was to do with SSL.
But wondering how it is working by just creating a new cert db.
PS: I already marked Makesh's answer as correct.
I think because I copied the cert7.db file from the old 12.0 server and just converted it into cert8.db.
Have you converted cert7.db to cert8.db file format and pointed them via SmConsole?
This shows a cert error. Have you converted your cert.db?
To convert the certificate database file:
From a command prompt, navigate to the Policy Server installation bin directory. Example:
Enter the following command:
certutil -L -d certificate_database_directory [-p prefix_name] -X
The certutil tool converts the existing cert7.db file to cert8.db format.
Note: The directory specified by certificate_database_directory must already exist. If the file path contains spaces, bracket the path in quotes.
This is not right. The "-L" switch is used just to list the certificates from the certdb.
Update: Sorry, this is the correct command. Didn't notice the "-X" switch at the end.