Symantec Access Management

Tech Tip : CA Single Sign-On : Policy Server :: Agent Connection : Failed to decrypt persistent key 


    Posted 06-19-2018 02:30 AM

    Issue:

     

    We're running a Policy Server, and when the Web Agent starts, it cannot connect to the
    Policy Server, and the Policy Server reports the error:

    [30474/140414308816640][Thu May 17 2018
    14:46:38][SmObjKeyManagement.cpp:459][ERROR][sm-Server-03080] Failed
    to decrypt persistent key

    It's a new installation.
    So far, we've:

    - Exported the old policy store on the old server
    - Added the schema to the new MS SQL 2014 database (CA SSO 12.52 schema)
    - Imported the old store


    Environment:
    Policy Server 12.8 on RedHat 7;
    Policy Store on MSSQL 2014;

     

    Cause:

     

    The encryption key in the environment the keys were exported from
    is different from the encryption key in the environment the data is
    imported into.

     

    Resolution:

     

    To make both environments run with the same encryption keys,
    follow the steps described in this documentation:

    Reset the r12.x Policy Store Encryption Key
    https://docops.ca.com/ca-single-sign-on/12-8/en/administrating/manage-encryption-keys/reset-the-r12-x-policy-store-encryption-key

    Additional Information:

     

    Further related document:

    SiteMinder r12.52 SP1 CR05 smkeyimport command error/failed
    https://communities.ca.com/thread/241758914

     

    KB : KB000097073