Symantec IGA

 View Only
  • 1.  Redeploy Connector Server JCS Vapp 14.2

    Posted Jan 27, 2021 11:22 AM
    Hello Community.

    We are facing issues with our Connector Server JCS deployed within Virtual Appliance v14.2. This connector is not responding. The symptoms are:

    • Connector Server Management Console does not load with an error "HTTP error 503 - Problems accessing /main. Reason: java.lang.NullPointerException".
    • That Connector Server is not generating any logs. For instance, most recent "daily.log" is 4 months old and there's no updates.
    • The last error message showed by "daily.log" when it stopped updating was: "Authentication failed bad credentials".
    Environment: We have two Vapp machines clustered. Those two Vapp contains all components each. The problematic Connector Server is embedded in one of those. The other one is working fine.

    We tried to re-deploy that problematic JCS but the procedure generated a lot of issues so we finally had to reverse and recover our two Vapp from snapshots.

    If someone here give us some advice, solution, anything, we will appreciate it. Is there a way to re-deploy, or correct deployment, or repair that JCS?

    Thanks a lot.


  • 2.  RE: Redeploy Connector Server JCS Vapp 14.2
    Best Answer

    Broadcom Employee
    Posted Jan 28, 2021 11:08 AM
    Something you can try doing would be the "repair_service" alias to try to redeploy the Connector Server (you likely would need to import any custom OSGi bundles and certificates afterwards).

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-3/virtual-appliance/administering-virtual-appliance/using-the-login-shell.html


  • 3.  RE: Redeploy Connector Server JCS Vapp 14.2

    Posted Jan 28, 2021 05:33 PM
    Hello Kenneth.
    Thanks for your quick answer. I have a couple of questions:
    • If I have two Vapp cluster, executing that "repair_service" alias in the problematic one is going to impact the other one?
    • I tested in my Tests environment with Identity Manager service, and the process damaged the IDM User Store DSA (idm-userstore-router-caim-srv-01). Is this normal? How can I solve this? The error related to the damaged DSA is on the image below:

    • If I do this repair in Connector Server service, what collateral effects could I have?
    Thanks in advance for your help.


  • 4.  RE: Redeploy Connector Server JCS Vapp 14.2

    Broadcom Employee
    Posted Jan 29, 2021 10:03 AM

    Where the JCS is redeployed you likely would need to import any custom OSGi bundles and certificates afterwards.

    I would not expect an impact to the other JCS machine. 

    Regarding the DSA error, perhaps some changes are made to the system so it is not the same as it a default out of box system that is interferring.

    You may be best helped through a support case for errors you encountered.




  • 5.  RE: Redeploy Connector Server JCS Vapp 14.2

    Posted Feb 01, 2021 03:21 PM
    Thanks again Kenneth.

    I will test the "repair_service" option in our problematic Vapp and let you know the results.

    Regards,

    Mauricio C.



  • 6.  RE: Redeploy Connector Server JCS Vapp 14.2

    Posted Mar 04, 2021 08:58 AM
    Hello Kenneth.

    Thanks again for your help on this case. I performed repair_service for my Connector Server (CS) and it was successful. In order to help another people who may have the same issue, there´s my procedure:

    - Double check if there are any custom OSGi bundles and certificates and save them. It's important in order to recreate the CS completely.
    - Run repair_service Alias for Connector Server, following the wizzard carefuly. This will reset your CS to factory defaults (like recently deployed).
    - I had to rollback a couple of CPs in the "repaired" Vapp as the Java version was restored to factory default too. I had to re-apply those CPs so the Java version got to the same version as the other Vapp in the cluster. (This has to be done because I had issues with the repaired CS as the Java was affected)
    - Import the custom OSGi bundles and certificates saved from the first step.
    - Get ready to rumble!!!

    I hope this help to someone in the future.

    Thanks to Kenneth Verrastro. Great to have people like you in this Community.