Symantec Privileged Access Management

  • 1.  PIM - DH (READER) not responding

    Posted Jun 18, 2018 09:35 AM

    Hello Community,

     

    I do have a slight problem, which might have happened to one of you too. We do use PIM Entm 12.61 (I know it is a little old) and endpoints on all possible platforms (version > 12.8). Since an unforeseen reboot the DH__ Database got corrupted and endpoints aren't able to fetch policy/updates anymore.

     

    It seems that the communication between DMS__ and DH__ fails, therefore I've recreated the DH database, just as stated in this document ("Tech Tip - CA Privileged Identity Manager: How to resubscribe a DH to a DMS in PIM 12.8+").

     

    The error which I am trying to fix looks like this.

     

    02:38:10 PM@Jun 18 2018 - ERROR: command "showres HNODE ("one.of.my.servers") useprops(POLICY_STATUS)" returned failures, rv = 10031
    02:38:10 PM@Jun 18 2018 - LCA returned ((DH__@my.ca.entm.machine)
    ERROR: Failed to fetch data for HNODE one.of.my.servers
    )

     

    DMS, DH, DH__WRITER and the TibcoMQ are on the same machine.

     

    DH__WRITER seems to be working, because if I connect to it through host DH__WRITER@ and issue eu dummy1 it will be available on DMS__@ too. Could somebody list me the sepmd -L <DH|DMS|DH__WRITER> entries?

     

    Many thx in advance

     

    Oliver



  • 2.  Re: PIM - DH (READER) not responding

    Broadcom Employee
    Posted Jun 18, 2018 10:29 AM

    Hello Oliver,

     

    What I found in my lab is that in ENTM r12.6 / 12.7 after recreating the DMS and DH it is necessary to put in the registry of the relevant hosts:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Pmd\DH__

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Pmd\DMS__

     

    Parent_Pmd = _NO_MASTER_

     

    to allow replication to happen.

     

    I just put the complete steps how to reset the DMS in the Support Case we have (01115602)

     

    Regards,

    Andreas



  • 3.  Re: PIM - DH (READER) not responding
    Best Answer

    Posted Jun 19, 2018 10:45 AM

    Hi,

     

    Thanks for the support, even if my version of ENTM is not the most updated one.

     

    Besides the information I received from you, I needed to come up with a combined solution. So for anyone who might encounter the same issue, here is what I did.

     

    As my DMS was still working, this was my base to start with. (Btw. many steps are related to a case I had with Mr. Mueller)

     

    1.) Backup Old DMS

    2.) dmsmgr -remove -dh DH__

    3.) The suggested data extraction with "dbmgr -e -l -f dms__.txt" and "dbmgr -f -m -r dms.migrate" didn't work for me, because when trying to import that information I received an error. Other possibilities like sepmd -n, or via selang and subs DMS__ newsubs(DH__@<server>), showed a different error (Packing comand into buffer).

    4.) secons -s

    5.) dmsmgr -create -dh DH__

    6.) remove files from folder DH__

    7.) copy files from DMS__ into DH__

    8.) remove subscribers.*, pmd.*, Pmd_log, Error_log and update.dat

    9.) enter the DH__ directory and issue "selang -d ."; within selang, "so is_dms-" and "so is_dh+"

    10.) add the Registry settings as described above

    11.) start ControlMinder

    12.) sepmd -s DMS__ DH__@<server>

    13.) if sepmd -L DH__WRITER doesn't show DMS as target -> sepmd -n DH__WRITER DMS__@<server>
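
A read-only check for the registry setting referenced in step 10 of the procedure above, as an added example that is not part of the original posts or of the product's own tooling. It reports whether Parent_Pmd is set to _NO_MASTER_ under the DH__ and DMS__ keys quoted in this thread; the function name Test-ParentPmd is hypothetical and the value is assumed to be stored as a string.

```powershell
# Added example: verifies the Parent_Pmd value under the two keys named in the thread.
# Reads only; it never writes to the registry.
$PmdBase  = 'HKLM:\SOFTWARE\ComputerAssociates\AccessControl\Pmd'
$Expected = '_NO_MASTER_'

function Test-ParentPmd {
    # Hypothetical helper: returns one status object per PMD database name.
    param([Parameter(Mandatory)][string]$PmdName)

    $key = Join-Path $PmdBase $PmdName
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Pmd = $PmdName; Value = $null; Status = 'KeyMissing' }
    }

    # Look the value up by name so a missing value is distinguished from an empty one.
    $prop = (Get-ItemProperty -LiteralPath $key).PSObject.Properties['Parent_Pmd']
    if ($null -eq $prop) {
        return [pscustomobject]@{ Pmd = $PmdName; Value = $null; Status = 'ValueMissing' }
    }

    # Trim stray whitespace; -ceq keeps the comparison case-sensitive.
    $value  = ([string]$prop.Value).Trim()
    $status = if ($value -ceq $Expected) { 'OK' } else { 'Unexpected' }
    [pscustomobject]@{ Pmd = $PmdName; Value = $value; Status = $status }
}

$results = 'DH__', 'DMS__' | ForEach-Object { Test-ParentPmd -PmdName $_ }
$results | Format-Table -AutoSize

# Non-zero exit code when either key is missing or holds a different value,
# so the check can gate the "start ControlMinder" step in a runbook.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```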

     



  • 4.  Re: PIM - DH (READER) not responding

    Broadcom Employee
    Posted Jun 20, 2018 02:44 AM

    Thanks for sharing the steps.

    I just would like to emphasize that the above procedure is valid only for ENTM <= r12.7.

    Since ENTM r12.8 the DMS and Distribution Host use Message Q subscriber methods, which require different commands to set up the association.