Symantec Access Management

 View Only
Expand all | Collapse all

Policy Server - Failed to create the super user account

  • 1.  Policy Server - Failed to create the super user account

    Posted Jul 22, 2015 12:18 PM

    Hi,

     

    I'm trying to install the Policy Server but after three or four times I'm getting always same error

     

    COMMAND: "C:\Users\Administrator.AJC\AppData\Local\Temp\2\195853.tmp\smreg"  -su ******

    RETURN: -1

    STDOUT: The policy store could not be initialized.

    Failed to create the super user account.

    STDERR:

    ***

    I tried to do what is mentioned on discussion "The policy store could not be initializated"

     

    BASE TABLES: C:\F6\CA\siteminder\db\SQL\sm_mssql_ps.sql

    XPS TABLES: C:\F6\CA\siteminder\xps\db\SQLServer.sql

    Siteminder XDD files:  XPSImport C:\F6\CA\siteminder\xps\dd\SmMaster.xdd

     

    But cannot run XPSImport. Also I cannot run smreg -su password and I don't have any idea what I'm doing wrong. I also googled about it but didn't found any solution. Any information you need to know in order to help me, just say it. I'm a little bit newbie with this lkind of environment.

     

    King regards.

     

    PS: I'm trying to do this in Windows Server 2012 R2 and I have installed SQL Server 2012. I decided to create the Policy Store in SQL Server. SiteMinder version is 15.2



  • 2.  Re: Policy Server - Failed to create the super user account

    Posted Jul 22, 2015 12:41 PM

    Hello,

     

       First thing first, windows 2012 is not supported for any version of Siteminder. So you should be using 2008 or Windows 2008 R2 servers.

    Secondly if you have successfully installed the Policy server create a System DSN using odbc32 not 64-bit because siteminder is a 32-bit software. Then use the same DSN in Siteminder Management console, make sure you get Success Message for the connection. Then try the commands Hope that will resolve the issue.



  • 3.  Re: Policy Server - Failed to create the super user account

    Posted Jul 22, 2015 12:51 PM

    I'm afraid I'm using MS Windows Server 2012 R2 x64. Can this be the problem? Secondly, I'm trying to run Management Console but it stays opened just a second and then close. A few hours ago I was doing this with a colleague (the one who knows about all this Windows Server environments) who created a System DSN using odbc32. Now I'm trying to solve it on my own so I is possible to me to say nonsense stuff, but I'll do my best. Thanks ;-)



  • 4.  Re: Policy Server - Failed to create the super user account

    Posted Jul 22, 2015 01:49 PM

    As far as I understand Windows 2012 is not tested and certified by CA as of date so if you face any issues on that server it may or it may not be related to OS you are using. Are you are trying to open the SmConsole as "Administrator"? If yes then try setting the environment settings properly and restart the server.



  • 5.  Re: Policy Server - Failed to create the super user account

    Posted Jul 23, 2015 12:30 PM

    Hi, I've tried it again installing it on Windows Server 2008. I got again

     

    COMMAND: "C:\Users\Administrator.AJC\AppData\Local\Temp\2\195853.tmp\smreg"  -su ******

    RETURN: -1

    STDOUT: The policy store could not be initialized.

    Failed to create the super user account.

    STDERR:

    ***


    Then I tried again to do what is mentioned on discussion "The policy store could not be initializated"

     

    BASE TABLES: C:\F6\CA\siteminder\db\SQL\sm_mssql_ps.sql

    XPS TABLES: C:\F6\CA\siteminder\xps\db\SQLServer.sql

    Siteminder XDD files:  XPSImport C:\F6\CA\siteminder\xps\dd\SmMaster.xdd


    There wasn't any problem executing the two first queries but when I run XPSImport on the Administrator's console what I got is:


    [3608/4800][Thu Jul 23 2015 18:02:27][Database.cpp:689][InitDB][INFO][sm-xpsxps-00120] Initializing XPS Version 12.52.0001.154

    [3608/4800][Thu Jul 23 2015 18:02:29][SmEventTrap.cpp:388][INFO][sm-Server-02500] Loading event handler 'C:\Program Files (x86)\CA\siteminder\bin\XPSAudit.dll'

    [3608/4800][Thu Jul 23 2015 18:02:29][SmEventTrap.cpp:402][INFO][sm-Server-02510] Initializing event handler 'C:\Program Files (x86)\CA\siteminder\bin\XPSAudit.dll'

    [3608/156][Thu Jul 23 2015 18:02:29][CSmDbUtilities.cpp:465][ERROR][sm-Odbc-00060] Failed to connect to datasource 'CA SiteMinder DSN'.

    [3608/156][Thu Jul 23 2015 18:02:29][CSmDbUtilities.cpp:470][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 08003 Internal Code = 0 - [Microsoft][ODBC Driver Manager] Connection not open'.

    [3608/4800][Thu Jul 23 2015 18:02:29][HSTMT.cpp:227][CHSTMT::Error][ERROR][sm-xpsxps-00800] While calling "SQLConnect(CA SiteMinder DSN)", the following error occurred:

    [3608/4800][Thu Jul 23 2015 18:02:29][HSTMT.cpp:241][CHSTMT::Error][ERROR][sm-xpsxps-00810] Native Diagnostic: 28000:18456 [DataDirect][ODBC SQL Server Wire Protocol driver][SQL Server]Login failed for user 'siteminder'.

    [3608/4800][Thu Jul 23 2015 18:02:29][XPSODBC.cpp:722][CXPSIOODBC::CXPSIOODBC][ERROR][sm-xpsxps-00960] Error obtaining ODBC handle.

    [3608/4800][Thu Jul 23 2015 18:02:29][XPSIO.cpp:449][CXPSIO::InitialLoad][ERROR][CA-SM-Assert] Assert failed: pIO

    [3608/4800][Thu Jul 23 2015 18:02:29][XPSTools.cpp:235][CXPSTools::CXPSTools][FATAL][sm-xpsxps-04120] Unable to initialize the XPS library.

     

    And I think it is strange because I created a System DSN using odbc32. And when I tested it was successful.


    Untitled2.png


    Next thing was to try this

    Then use the same DSN in Siteminder Management console, make sure you get Success Message for the connection. Then try the commands Hope that will resolve the issue.


    But when I run the console this is displayed

    Untitled.png

     

    But I'm not able to write anything on the console and if that were not enough XD the interface is in German. I thought I downloaded the English version XD XD XD (Any idea how can I change this?)

     

    Thanks in advance!



  • 6.  Re: Policy Server - Failed to create the super user account
    Best Answer

    Posted Jul 23, 2015 09:35 PM

    Hi ajcremades,

     

    It seems you are having a bad day there

     

    Could you please confirm following for me ?

     

    • When you created System DSN using odbc32, please confirm : Name of the DSN that you specified, Driver that you used (SiteMinder Sql Server Wire Protocol etc ) Better if you can show us the screenshot of your "System DSN" tab.
    • The error clearly says that the login failed for "siteminder" user,have you specified the correct password for this user in the Policy Server Management Console ==> Data ==> Policy Store tab?
    • You also said, you were not able to write anything on the console...Have you tried running the tool in Administrator context ? (right click and run as Administrator ?)
    • For the German Interface , Is this happening only to SMConsole ? Have you checked what is the Display Language setting on the OS ? ( Control panel ==> Region and Language ==> Display Language )

     

    Regards,

    Ujwol Shrestha

     



  • 7.  Re: Policy Server - Failed to create the super user account

    Posted Jul 24, 2015 02:53 AM

    Hi,

     

    back in the office! I'll give it a try right now to your indications, thanks!



  • 8.  Re: Policy Server - Failed to create the super user account

    Posted Jul 24, 2015 05:47 AM

    Hi again,

     

    • I checked languages and I assured that English was in all options. Now GUI is displayed in English
    • I went to the Data tab on PS M Console and introduced the right password and now the connection works. The Policy Server is already running (hurra!)

     

    Now I have a couple of questions

    • Should I be able to type something here?

    Console.png

     

    • When I run this line "XPSImport SmMaster.xdd it ask me for a passphrase and I don't know what passphrase is.

     

    C:\Program Files (x86)\CA\siteminder\xps\dd>XPSImport SmMaster.xdd

    [XPSImport - XPS Version 12.52.0001.154]

    Log output: XPSImport.2015-07-24_112908.log

    Initializing XPS, please wait...

    (WARN) : [sm-xpsxps-00890] No policy data found

    Please enter the passphrase to use for decrypting sensitive information:

    Log Time Phase/Section                #Objects       %age        Elapsed

    -------- ------------------------ --------------- -----------  -----------------

    11:29:16 Initializing

    11:29:16 Reading                                               00:00:00

    (FATAL) : [sm-xpsxps-01750] Exception occurred during XML parse. Error - (XML Parser Fatal Error occured. Error: Invalid document structure .Line Location:1 .Column Location:1

    ).

    11:29:16 Reading                                               00:00:00  00:00:00

    11:29:16 Complete                                              00:00:00

    (FATAL) : [sm-xpsxps-05810] Import failed.

    • Also, should I be worried about "No policy data found"?
    • I executed XPSConfig.exe and told me that no policy server was founded. PS M console says that PS is running.

     

    Thanks a lot



  • 9.  Re: Policy Server - Failed to create the super user account

    Posted Jul 24, 2015 07:50 AM

    hello,

     

    To answer your questions:

     

    1) the command window that you are seeing is the execution of the Java policy server management console. You do not have to type anything there neither close it or it will close the policy server management console.

     

    2) you should not run XPSImport SmMaster.xdd but XPSDDInstall SmMaster.xdd

     

    Check the following for the installation and configuration of the policy store with CA Directory for example:

     

    CA Directory as a Policy Store

     

    Hope it helps,

    Julien.



  • 10.  Re: Policy Server - Failed to create the super user account

    Posted Jul 27, 2015 10:15 AM

    Hallo,

     

    exactly, I run XPSDDInstall and reading again some steps of the installation I figured it out. Policy Server is installed and configured. Thanks. I want to try one more time to install it in Windows Server 2012, let's see what happen. Bye and thanks again