Symantec Access Management

Dear Community,

We are facing an issue with the scheduled backup. Backup is getting failed.

Please find basic Info.

1. Policy Server Exact Version ? CR ? SP ?

        R12.52 SP1

   2. Policy Server OS & Bit version:-

        OS: Red Hat Linux 5.11    Bit version:x86_64 

   3. Policy store ?

        LDAP - CA directory

Scheduled an automatic weekly backup using scripts under below location

• /opt/CA/autobackup-policystore
• ./autoexport.sh

The script used for the below scheduled backup is as below

• $ cat autoexport.sh

--------------------------------------------------------------------------------------------------------------------------

#!/bin/bash

.
/opt/CA/siteminder/ca_ps_env.ksh

XPSExport
-xb /opt/CA/autobackup-policystore/fullexport_$(date +"%m_%d_%Y").xml
-pass S1t3m1nder

--------------------------------------------------------------------------------------------------------------------------

Backup is getting failed with the below error in the “xpsexport.log” under /opt/CA/siteminder/log/XPSExport.log

Please find the complete log below for your reference

-----------------------------------------------------------------------------

Initializing XPS, please wait...

(ERROR) :[sm-xpsxps-00270] Class 8341 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8342 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8343 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8343 is undefined.

(ERROR) :[sm-xpsxps-06810] Failed to initialize event handler library "/opt/CA/siteminder/lib/libEventIntroscopeprovider.so"

(ERROR) : [sm-xobsm-01110] CA.SM::IMSDirectory@32-000d6109-933f-1592-a2df-eab9ac1a904d(IDV):
[CA.SM::IMSDirectory.UserDirectoryLink]: Invalid attribute:
[CA.SM::UserDirectory@0e-00004bf1-9331-1592-a2df-eab9ac1a904d].

(FATAL) : [sm-xpsxps-05100] Unable to read attribute CA.SM::IMSDirectory.UserDirectoryLink[0] of object
CA.SM::IMSDirectory@32-000d6109-933f-1592-a2df-eab9ac1a904d(IDV)

(FATAL) : [sm-xpsxps-04840] Backup failed.

Log Time Phase/Section                Objects        %%age       #Err Elapsed

--------  ------------------------ --------------- -----------  -----------------

03:50:38 Initializing

03:50:38 Analyzing                         00:00:00                                    

03:50:38 Reading                           00:00:00

03:50:38 Reading/Policy Data         634/6332       10%         00:00:00  00:00:00

03:50:38 Reading/Policy Data        1267/6332       20%        00:00:00  00:00:00

03:50:38 Reading/Policy Data         1900/6332       30%       00:00:00  00:00:00

03:50:38 Reading/Policy Data         2533/6332       40%       00:00:00  00:00:00

03:50:38 Reading/Policy Data        3166/6332       50%       00:00:00  00:00:00

03:50:38 Reading/Policy Data         3800/6332       60%       00:00:00  00:00:00

03:50:38 Reading/Policy Data         4433/6332       70%       00:00:00  00:00:00

03:50:39 Reading/Policy Data         5066/6332       80%       00:00:01  00:00:01

03:50:39 Reading/Policy Data         5699/6332       90%       00:00:01  00:00:01

03:50:39 Reading/Security Data       6279/6332       99%       00:00:01  00:00:01

03:50:39 Sorting/Policy Data            0/6091                 00:00:01

03:50:39 Sorting/Policy Data          610/6091       10%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         1219/6091       20%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         1828/6091       30%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         2437/6091       40%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         3046/6091       50%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         3655/6091       60%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         4264/6091       70%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         4873/6091       80%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         5482/6091       90%       00:00:01  00:00:00

03:50:39 Sorting/Policy Data         6091/6091      100%       00:00:01  00:00:00

03:50:39 Writing/Header                                        00:00:01

03:50:39 Writing/References           248/6580        3%       00:00:01  00:00:00

03:50:40 Writing/Policy Data          658/6580       10%       00:00:02  00:00:01

03:50:40 Writing/Policy Data         1316/6580       20%       00:00:02  00:00:01

03:50:40 Writing/Policy Data         1974/6580       30%       00:00:02  00:00:01

03:50:40 Complete

------------------------------------------------------------------------------------------------------

Can anyone help me on this issue please

Thanks & Regards,

Rajesh

Please run XPSSweeper and paste result here.

Thanks,

Ankush

Hi Rajesh,

You might have a caching or indexing problem on the Policy Store :

(ERROR) :[sm-xpsxps-00270] Class 8341 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8342 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8343 is undefined.

(ERROR) :[sm-xpsxps-00270] Class 8343 is undefined.

(ERROR) : [sm-xobsm-01110] CA.SM::IMSDirectory@32-000d6109-933f-1592-a2df-eab9ac1a904d(IDV):
[CA.SM::IMSDirectory.UserDirectoryLink]: Invalid attribute:
[CA.SM::UserDirectory@0e-00004bf1-9331-1592-a2df-eab9ac1a904d].

(FATAL) : [sm-xpsxps-05100] Unable to read attribute CA.SM::IMSDirectory.UserDirectoryLink[0] of object
CA.SM::IMSDirectory@32-000d6109-933f-1592-a2df-eab9ac1a904d(IDV)

How did you configured the CA Directory Policy Store ?

Do you have the same issue if you run the XPSExport command manually ?

Best Regards,

Patrick

Hi Patrick,

Apologize for the delay and thanks for the response.

1) How did you configured the CA Directory Policy Store ?

    Migrated from sun one directory server to CA directory few months back. After migration we did not face this issue, recently getting this issue.

2) Do you have the same issue if you run the XPSExport command manually ?

     Yes, we do have the same issue while executing the XPSExport command manually. But back up file is getting generated.

Thanks much for understanding

Regards,

Rajesh

"Class 8341 is undefined." and "CA.SM::IMSDirectory.UserDirectoryLink[0]" indicate you have IDM installed and XPS data dictionary may be corrupted.

When IDM is integrated with siteminder, policy store schema has to be extended.

The error is a hint there may be something wrong with store data itself.

Sometimes utility XPSDDInstall to load an XPS Data Dictionary definition (XDD) file into an XPS Policy Store will fix it, but not always. e.g.

XPSDDInstall SmMaster.xdd

XPSImport smpolicy.xml -npass

For IDM

XPSDDInstall IdmSmObjects.xdd

First, restarting policy server see if problem is still there. Check all policy servers using XPSSweeper see if same error presents.

Check recent change record of what is changed in store data or schema.

Point policy server to an older store (working backup) see if error is still there.

If all attempts fails, you may need a freshly build store from a healthy backup.

Hongxu

Hi Hongxu,

Thanks for the response.

I have referred the following link and performed the steps provided in the link.

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1248281.aspx

Restarted the policy server but still the issue persists.

Do you want me to import the below files policy store data definitions..?

  - XPSDDInstall SmObjects.xdd

  - XPSDDInstall EPMObjects.xdd

  - XPSDDInstall SecCat.xdd

  - XPSDDInstall FssSmObjects.xdd

If I execute the above commands, will it impact the policy server..?

If I execute the command XPSExport manually backup is getting generated but getting the below error.

-----------------------------------------------------

Failed to initialize event handler library "/opt/CA/siteminder/lib/libEventIntroscopeprovider.so"

-----------------------------------------------------

We are facing the above issue since we have upgraded the Siteminder policy server to R12.52 SP1.

Please help me on this.

Thanks much for understanding.

Regards,

Rajesh

Rajesh,

libEventIntroscopeprovider.so belongs to APM product, the error itself is not concern. It simply means APM integration was not completely setup yet.
You should always have store directory backed up ready before running XPSDDInstall, because it potentially changes the store data content. 
XPSDDInstall IdmSmObjects.xdd may be a step missing, because this is where IDM object class error comes in.

Again, there is no guarantee this will fix it, if the store was corrupted elsewhere.
Using those methods I mentioned earlier should help you narrow down the actual cause.

Last resort will be rebuild your store from exist back up file or fresh newly build one.

Thanks,

Hongxu

Hi Hongxu,

Even after executing the utility XPSDDInstall to load on XPS Data dictionary definition facing the same issue.

Regards,

Rajesh