Symantec IGA

 View Only
Expand all | Collapse all

Prov Server Upgrade IM R14.3 CP1 Issue.

  • 1.  Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 12, 2019 01:29 PM

    ​Hello All,

    We are working on upgrading our IM Environment to R 14.3 CP1 and the Identity Manager has been successfully upgraded. We tried to follow the instructions to upgrade the IM Provisioning Server or IMPS as well to this version but the IMPS is not starting. It is juts giving message that im_ps startup failed. There are no logs being updated as well because the imps.log is "zero" bytes so we are not sure where is the problem.

    We are running on Redhat Linux 6 with IMPS R 14.3 CP1. Please suggest  if you have seen this and how this issue can be fixed. Thanks for your help in advance.

    Note: After upgrade the imps command will not work so we changed all occurrences for "/opt" to "/apps" because last installation was done in this directory and the SLAPDUSER was changed as well from default "imps" to "idmuser" that it was running fine before the upgrade.

    Instructions from the Support that we followed:

    *************************************

    INSTRUCTIONS_ON_HOW_TO_DEPLOY:

    *************************************

    ****** on LINUX: --> for "improvisioning.zip":

    1. Stop the "Provisioning Server".

    2. "linux" folder --> This folder has "improvisioning.zip" --> The "improvisioning.zip" has --> "cp-version.txt",

    "bin", "data" & "lib" folders.

    3. Copy "improvisioning.zip" to a "tmp" location and extract.

    3. Take backup of "bin" & "lib" folders from "<Provisioning Server Installed Location>/".

    4. Copy the provided "bin" and "lib" folders to "<Provisioning Server Installed Location>/".

    5. Change owner and permissions to the above copied "bin" and "lib" folders.

    chown imps:imps bin

    chmod 775 bin

    &

    chown imps:imps lib

    chmod 775 lib

    6. Take backup of "acfparse.ptt" and "adsparse.ptt" files from "<Provisioning Server Installed Location>/data".

    7. Copy the provided "acfparse.ptt" and "adsparse.ptt" to "<Provisioning Server Installed Location>/data".

    8. Change owner and permissions to the above copied ".ptt" files.

    chown imps:imps *.ptt (Note: change owner to ".ptt" files)

    chmod 660 *.ptt (Note: change permission to ".ptt" files)


    Thanks



  • 2.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Broadcom Employee
    Posted Dec 13, 2019 10:37 AM
    Are the DSA running?  Can you run dxserver stop all and dxserver start all.  Anything in the etatranslog?

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------
    ------------------------------



  • 3.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 13, 2019 10:52 AM
    ​Hello Scott,

    Thanks for your reply, Yes we did recycle the Router DSA on the server where IMPS is running and also we recycled the Provisioning Directory ( including User and Policy Store) as well. But no luck.

    Thanks
    Rakesh


  • 4.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Broadcom Employee
    Posted Dec 13, 2019 10:54 AM
    Anything in the etatranslog?

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------
    ------------------------------



  • 5.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 13, 2019 10:59 AM
    ​That's the worst part here, there are no logs at all and the only log that's getting created im_ps.log is zero bytes and has no content in it.

    Thanks.


  • 6.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.
    Best Answer

    Posted Dec 13, 2019 01:14 PM
    I was able to increase the im_ps.log log verbosity by editing the im_ps.conf[1] file and restarting the ProvServer afterwards. You need to see the techdoc[2] in order to see how are willing information you need on the log. You need to fiddle around with it a bit to get the correct verbosity.

    You will want to change the loglevel parameter accordingly. For example, if you need "Print out packets sent and received" (16) and "Connection management" (8), you should sum up the values and put it in there. In my case:

    Change the conf file, restart PS and see if you can understand what is going on.

    Hope it helps.


    [1] /opt/CA/IdentityManager/ProvisioningServer/data/im_ps.log - if you do not have the vApp version, you need to find the correspondent file for your deployment (I would expect it to be in the Provisioning Server data folder as stated)
    [2] https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-2/reference/provisioning-maintenance/view-and-maintain-log-files.html

    ------------------------------
    Software Consultant
    Gliat Tecnologia da Informação
    São Paulo
    Brazil
    ------------------------------



  • 7.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 16, 2019 08:04 AM

    Thanks, originally we had log level setting as "24" and logs were not being generated, later we were told to make it "65536" and still no logs. Any other ideas folks?

    Thanks




  • 8.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 16, 2019 08:16 AM
    Using 65536 will generate a LOT of info, most of which will not really be useful for troubleshooting. I suggest you test with a few combinations to be able to get the most out of it.

    You must restart the provisioning server in order for the config file to be reloaded.

    ------------------------------
    Software Consultant
    Gliat Tecnologia da Informação
    São Paulo
    Brazil
    ------------------------------



  • 9.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 16, 2019 08:23 AM
    ​Yes, that's the problem that even after making log level to maximum 65536 and restarting IMPS its not generating any logs.


  • 10.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 16, 2019 08:28 AM
    Try 65535 instead, as stated in the techdoc.

    ------------------------------
    Software Consultant
    Gliat Tecnologia da Informação
    São Paulo
    Brazil
    ------------------------------



  • 11.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Dec 16, 2019 08:32 AM
    ​Sorry that was a typo yes that's what we had:

              SERVICE_NAME=$2
                SERVICE_ARGS=`grep \^${SERVICE_NAME}= $SERVICE_CONFIG_FILE|awk -F= '{print $2}'`
                ARGS="-d 65535"
                if [ $# -gt 2 ]; then
                  shift 2
                  ARGS="$*"
                fi


  • 12.  RE: Prov Server Upgrade IM R14.3 CP1 Issue.

    Posted Jan 14, 2020 07:06 AM
    ​This issue has now been resolved with the help of Nicole from CA Support and the same could be fixed using the steps Nicole has listed below. Thank you so much Nicole to extensively work on this issue to get it fixed in the Linux Environment.

    Response Update:

    Hi Rakesh,

    I was able to get the patch to finally work. 

    Starting im_ps ... eTrust_back_db_init: initializing 15:22:07. ETA::Log Info. Using /opt/CA/IdentityManager/ProvisioningServer/logs/etatrans20200110-1522.log im_ps started successfully

     Try the following (we are going to start over):  Please note all these steps were performed as root

    1. Roll back the patch
    2. make a temp directory in /tmp called improvisioning
    3. Run unzip /tmp/CP-IM-140300-0001/CP-IM-140300-0001/CP-IMPS-140300-0001/CP-IMPS-140300-0001/linux/improvisioning.zip
    4. Make a backup of bin, lib by doing the following:
    5. cd /opt/CA/IdentityManager/ProvisioningServer
    6. cp -a bin bin.orig
    7. cp -a lib lib.orig
    8. cd /opt/CA/IdentityManager/ProvisioningServer/data
    9. cp acfparse.ptt acfparse.ptt.orig
    10. cp acfparse.ptt acfparse.ptt.orig

    Now lets copy over the CP1 files:

    1. Copy bin doing the following: rsync -a /tmp/improvisioning/bin/ /opt/CA/IdentityManager/ProvisioningServer/bin/
    2. Copy lib by doing the following: rsync -a /tmp/improvisioning/lib/ /opt/CA/IdentityManager/ProvisioningServer/lib/
    3. Copy the data files: cp /tmp/improvisioning/data/*.ptt /opt/CA/IdentityManager/ProvisioningServer/data
    4. Lets change permissions:
    5. cd /opt/CA/IdentityManager/ProvisioningServer
    6. chown -R imps:imps bin
    7. chmod -R 775 bin
    8. chown -R imps:imps lib
    9. chmod -R 775 lib
    10. cd /opt/CA/IdentityManager/ProvisioningServer/data
    11. chown -R imps:imps *.ptt
    12. chmod -R 660 *.ptt
    13. su - imps
    14. cd /opt/CA/IdentityManager/ProvisioningServer/bin
    15. imps start

    Let me know the results once you try the above steps. 

    Thank you,

    Nicole