Symantec Access Management

Expand all | Collapse all

Policy store got corruputed

  • 1.  Policy store got corruputed

    Posted 07-20-2018 02:09 AM

    We have siteminder Policy server 12.7 with CA directory 12.7 having Policy store to store data related to Policy server. Somehow our Policy store got corrupted (we are also interested in how it could happen like which scenario?). Now we have to make few changes to few realms value but as ADMINUI console is not taking the predefined password giving error "Unable to process the request. Call your administrator". We have tried registering the ADMINUI but it is throwing many errors and registration is not happening.

     

    Can anyone please suggest how can we recover the policy store? (we don't have any backup for the same ) Is there any way to troubleshoot some part of policy store which is responsible for this issue from policy store and then we can try re-registration post removing that particular part?

     

    Also what could be the impact of this in case our policy server rebooted meanwhile?



  • 2.  Re: Policy store got corruputed

    Posted 07-20-2018 03:22 AM

    Hi ,

     

    Could you please share the steps followed to do a re-registration of Admin UI ? 

     

    Re-register Administrative UI - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation 

     

    Regards,

    Leo Joseph.



  • 3.  Re: Policy store got corruputed

    Posted 07-20-2018 03:28 AM

    Hi Leo,

     

    We have used below steps to re-register ADMINUI.

     

    1. Stop the Administrative service.
    2. From the Administrative UI installation directory, navigate to standalone directory. 
    3. Delete the folders- data, log, and tmp. 
    4. Run the XPSRegClient command on the Policy Server machine.

       XPSRegClient siteminder:<password> -adminui-setup -vT

    5. Start the Administrative UI service.
    6. Access the Administrative UI web page to complete the registration.

      https://<hostname>:8080/iam/siteminder/adminui



  • 4.  Re: Policy store got corruputed

    Posted 07-20-2018 03:35 AM

    Hi ,

     

    a) Could you please share the XPSRegClient.log from siteminder\log folder.

     

    b) Do you see the siteminder.XPSReg getting generated after running the above command under <\CA\siteminder\bin>

     

    c) Screen shot of the error while trying to login to Admin UI ? 

     

    Regards,

    Leo Joseph.



  • 5.  Re: Policy store got corruputed

    Posted 07-20-2018 07:58 AM

    Hi Leo,

     

    I have attached all the details you asked for.

    Attachment(s)



  • 6.  Re: Policy store got corruputed

    Broadcom Employee
    Posted 07-20-2018 02:33 PM

    Hi, 

    Customer should always back their policy store on regular basis.

    I generally recommend multiple method to back up a store, XPSExport, dxdumpdb, as well as physical installation directory.

    Customer's business is at high risk, when there is no store backup, because you will never know if you are able to recover during this time round of data corruption.  We have seen customer's SQL store is corrupted to such state only rolling back store image is able to recover.

     

    So, before you try to figure out if and why admin ui can not login, could you verify now is it even possible to run either XPSExport, dxdumpdb command successfully?

    Fixing admin ui login is different topic, even if can not login admin ui, you may still be able to change the realm value simply by using XPSExplorer tool and alter the value there, but you need to know what you are doing at the command line.

     

    Thank You,

    Hongxu Liu
    CA Single Sign-On Support

     

     



  • 7.  Re: Policy store got corruputed

    Posted 07-23-2018 01:48 AM

    Hi Hongxu,

     

    Thanks for the reply and we are trying to take  the use of existing backup.

     

    Also I am able to run XPSExport, dxdumpdb command successfully from the command line. 

     

    Can you please help in steps to add realm using XPSExplorer tool? I will try that in test env and let you know the outcome in case of any issue.



  • 8.  Re: Policy store got corruputed

    Broadcom Employee
    Posted 07-23-2018 11:17 AM

    If you can run XPSExport, dxdumpdb command successfully, then the store is not badly corrupted as originally thought.

    It may be easier just fix admin ui by re-registering it.

    Bookshelf has steps in reset admin ui registration, link was provided in earlier post.

    Before re-registering, your must follow the steps to clean up previous admin ui registration first. It does not appear you have done that.

    XPSExplorer tool is nice to have when editing a record if you know what you are doing, not great for creating new record, since you can not "see" how objects are linked.

    If you continue to have issue reset admin ui login, you should consider opening a support ticket.

     

    Hongxu Liu
    CA Single Sign-On Support



  • 9.  Re: Policy store got corruputed

    Posted 07-24-2018 02:37 AM

    Hi Hongxu,

     

    Support case 01119320 is already raised for the same.

     

    I have tried few steps as suggested by Leo but unable to perform XPSSecurity steps as we don't have that file n the <siteminder/bin> path. Can you please help how to download it as unable to find it on CA Support portal.

     

    Also the logs are printing same output as shared earlier. Only difference is error got changed which is the correct one . Previous one was sent by mistake.