Symantec IGA

  • 1.  CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 09-30-2017 08:36 AM

    Hi,
    I have ca identity manager 12.5 sp5.
    I tried to update provisioning certificate before its expired date.

     

    I following this doc https://docops.ca.com/ca-identity-manager/12-6-04/en/release-notes/release-notes-12-6-04-cumulative-patches/update-the-p… 

     

     

    I following this step,

    download OOTB cert, rename , replace old file.

    Provisioning Directory and Provisioning Server on Different Systems

    after I've done with Provisioning directory system and Provisioning server system. At step 8, I can not start service provisioning server. Error code 21.


    My pd service start completed such as ***-impd-main.

     

     

    my etatrans log as below

     

    20170930:184111:TID=000d60:********************:X: ***** STARTUP of Identity Manager Provisioning Server *****
    20170930:184111:TID=000d60:StartUp :----:----:C: Registry Path: SOFTWARE\ComputerAssociates\Identity Manager\Provisioning Server
    20170930:184114:TID=000d60:StartUp :----:----:P: EtaDomain: im
    20170930:184114:TID=000d60:StartUp :----:----:P: EtaDomain Suffix: dc=im
    20170930:184114:TID=000d60:LDAP :----:----:*: New CONPOOL 0238EC40[]: mn=0; mx=20; [ldaps://idmapp1:20391;eTDSAContainerName=DS
    20170930:184114:TID=000d60:LDAP :----:----:*:+As]
    20170930:184114:TID=000d60:LDAP :----:----:*: UPD CONPOOL 0238EC40[->DB]: mn=0->5; mx=20->40; [ldaps://idmapp1:20391;eTDSAConta
    20170930:184114:TID=000d60:LDAP :----:----:*:+inerName=DSAs]
    20170930:184114:TID=000d60:EtaServer :----:----:I: Verifying that directory DSA 'impd-main' is available.
    20170930:184114:TID=000d60:LDAP :----:----:*: ldaps://idmapp1:20391. Connecting (busy=0, waiters=0, connecting=1)
    20170930:184114:TID=000d60:LDAP :----:----:*: ldaps://idmapp1:20391. Failed to connect: RC=LDAP_SERVER_DOWN (0x51) Retry=0
    20170930:184114:TID=000d60:StartUp :----:----:E: ***** STARTUP ERROR [EtaServer] *****: Required directory DSA 'impd-main' is not
    20170930:184114:TID=000d60:StartUp :----:----:E:+available. Shutting down IM Provisioning Server.
    20170930:184114:TID=000d60:EtaServer :----:----:I: ***** SHUTDOWN of Identity Manager Provisioning Server initiated *****
    20170930:184114:TID=000d60:EtaServer :----:----:I: STOPPING Notify Monitor Thread
    20170930:184114:TID=000d60:EtaServer :----:----:I: Notify Monitor Thread Stopped

     


    Which step is missing?



  • 2.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Broadcom Employee
    Posted 10-02-2017 10:56 AM

    Hi Piyawat,

     

    The error seems to relate to: "impd-main". Can you be more specific on:

    - Can you connect to the DSA using a JXplorer?

    - What steps did you follow to change the cert on "impd-main" DSA?

     

    I would like to suggest that you open a support case , it may get us an answer more quickly.

     

    Thanks,

    Sagi



  • 3.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Broadcom Employee
    Posted 10-02-2017 10:59 AM

    Hi Piyawat,

    Here are 3 links which should help you, please let us know if these helped you resolve. If not, then please open a support case:

     

    The xxxx-impd-main DSA is not starting 

    How do I reset the Identity Manager Provisioning Repository Credential on Linux 

    IMPD-main not starting up CA Identity Manager 

     

    Thanks,

    Sagi



  • 4.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 10-02-2017 11:49 AM

    Hi Sagi,

     

    Thank for information.

    However,my impd-main already started.
    But provisioning server can't connect to.



  • 5.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017
    Best Answer

    Posted 10-02-2017 11:01 AM

    Hi Piyawat, 

     

    The 12.6.X instructions do not work for 12.5.X. Please follow the instructions in this tech doc: The CA Identity Manager ships with OOTB certificate(s) set to expire in 2017. 

     

    Thank you, 

    Jennifer



  • 6.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 10-02-2017 11:37 AM

    Hi Jennifer,

     

    Thank for information. But I can't access this link.



  • 7.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 10-02-2017 11:45 AM


  • 8.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 10-02-2017 11:56 AM

    Hi Jeninifer,

     

    Thank for new link. But the step is same as I've done and get stuck.



  • 9.  Re: CA IDM12.5 Provisioning Certificate Expired 6 Oct 2017

    Posted 10-02-2017 12:00 PM

    If you have extended support for your 12.5 system please open up a support ticket.