Symantec Access Management

 View Only

Tech Tip : CA Single Sign-On : AdminUI cannot save long AgentName value in Novell eDirectory Policy Store

  • 1.  Tech Tip : CA Single Sign-On : AdminUI cannot save long AgentName value in Novell eDirectory Policy Store

    Broadcom Employee
    Posted Apr 03, 2018 09:41 AM

    Issue:

     

    We're running AdminUI, and when we create a new ACO, and we set the value as multiline with 255 values in the AgentName like this :

    abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstu<index>
    (<index> being replaced with number from 1 to 255)

    Then, when saving the configuration, the AdminUI and Policy Server shows an error :

     

    Error in AdminUI:

     

    Error:Task failed.
    Fatal:Failed to execute CreateAgentConfigEvent.
    ERROR MESSAGE: SmApiWrappedException:CA.SM::
    AgentConfig@21-00078b4a-7155-1a04-8993-01017f0090dd: Create failed. (Unknown Failure)

     

    Error in the Policy Server:

     

    [53946/4023868272][Thu Nov 09 2017 10:16:44][SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'Property' . LDAP Error creating new Property object
    [53946/-271099024][Thu Nov 09 2017 10:16:44][SmAdapterPropertySection.cpp:528][Save][ERROR][sm-xadobj-00110] CA.SM::AgentConfig@21-00078b4a-7155-1a04-8993-01017f0090dd: Create failed. (Unknown Failure)

    [53946/-271099024][Thu Nov 09 2017 10:16:44][SmStore.cpp:326][Create][ERROR][sm-xobsm-00960] Failed to create object. (CA.SM::AgentConfig@21-00078b4a-7155-1a04-8993-01017f0090dd(aco-test))
    [53946/-271099024][Thu Nov 09 2017 10:16:44][XPSIO.cpp:1578][CreateObject][ERROR][sm-xpsxps-00540] Previous error occurred on object "CA.SM::AgentConfig@21-00078b4a-7155-1a04-8993-01017f0090dd(aco-test)"
    [53946/-271099024][Thu Nov 09 2017 10:16:44][XPSPolicyData.cpp:1244][CommitOrTestRollback][ERROR][sm-xpsxps-00740] XPS Transaction COMMIT has failed.
    [53946/-271099024][Thu Nov 09 2017 10:16:44][XPSPolicyData.cpp:409][CreateOrUpdateImpl][ERROR][CA-SM-Assert] Assert failed: Commit()
    [53946/-271099024][Thu Nov 09 2017 10:16:44][XPSSvcHandlerManageObjects.cpp:249][ProcessRequest][ERROR][sm-xpssvc-00650] Failed Create Operation
    [53946/-271099024][Thu Nov 09 2017 10:16:44][XPSSvc.cpp:164][InvokeHandler][ERROR][sm-xpssvc-00020] Cannot Process the Request.

    How can we fix this?

     

    Environment:

     

    Policy Server 12.52 SP1 CR01 on Redhat 6
    AdminUI 12.52 SP1 CR01 on Redhat 6

    Resolution:

     

    Investigate with Support team from Novell eDirectory. Even if the Novell eDirectory Ldap Policy Store reports an error, it writes some incomplete data. As seen, the same incomplete data is then reported in the AdminUI as well as in XPSExplorer. As such, AdminUI and Policy Server are in sync with the Policy Store data.

     

    KB : KB000075003