Symantec IGA

 View Only
  • 1.  14.4 CP1 upgrade and Remote Connector Server

    Posted Sep 15, 2022 10:46 AM
    We have a setup with virtual appliances running the IGA applications and a Windows Remote Connector server for AD provisioning.

    We upgraded from 14.4.0 (GA) to 14.4.1 (CP1) today and while everything went well with the appliances, I am running into problems when trying to update the Remote Connector Server.

    With CP1 there is no packaged installer for the Remote Connector Server (nor the tools) - rather these need to be manually updated using the standalone versions of CP1 for the source.

    This involves using the CP-IMPS-1441 package that comes from the CP-IM-1441.tar.gz CP source.

    From that package two items were upgraded on the Remote Connector server: ETPKI and CCS.

    The ETPKI update involved copying 5 dlls into place.

    The CCS update involved stopping the JCS and CCS services, taking a backup of the bin and data folders and then adding new versions of the bin and data folders.  After this JCS and CCS were started.

    While JCS came up OK, the CCS service did not start, rather it presented an error message concerning a "service-specific error code 19" error.

    I restarted the Windows server to see if that would help, but after starting up the CCS service still refused to start, giving the same error.

    If I drop the 14.4.0 bin and data folders back into the CCS config then they both start as expected.

    There isn't much room for incorrectly applying the instuctions - so I wonder if there is anything else that needs to be done, that previously was done by the installer but now needs to be done manually?

    Has anyone seen this error before?


  • 2.  RE: 14.4 CP1 upgrade and Remote Connector Server

    Posted Sep 16, 2022 01:12 AM

    Hi Adrian,

    There are two patches with respect to CCS (one with JCS and the other with IMPS) Can you please let us know which CCS patch have you applied.

    I hope you have applied ETPKI as well

    Avinash Gupta

  • 3.  RE: 14.4 CP1 upgrade and Remote Connector Server

    Posted Sep 16, 2022 02:44 AM
    I have applied the JCS patch.  Followed steps 7-10 from the instructions document.  And yes, the ETPKI update has been applied as well.

    As we are using virtual appliances it is only the JCS part that is present on the Remote Connector Server - the IMPS part is found on the virtual appliances, which have been upgraded using the iga-vapp-14-4-1.tar.gpg patch file:

    "This patch file upgrades existing 14.4.X vApp systems.

    If you proceed, the below product upgrades will execute in the following order:

    * Virtual Appliance platform scripts and web-ui version 14.4.1

    * CA Directory 14.4.1 (14.1.02 build 16555)

    * Identity Manager 14.4.1

    * Identity Governance 14.4.1

    * CA Provisioning Directory 14.4.1

    * CA Provisioning Server 14.4.1

    * Identity Portal 14.4.1"

    For previous upgrades of the Remote Connector a separate installer was provided, but this stopped with 14.4 GA.

  • 4.  RE: 14.4 CP1 upgrade and Remote Connector Server

    Posted Sep 16, 2022 04:09 AM
    A little more digging this morning has shown that when we try to start the CCS service the following error is present in the Event Viewer System logs:

    "The Symantec Identity Manager - Connector Server (C++) service terminated with the following service-specific error:
    The media is write protected."

    We tried starting a command prompt as the user who runs the CCS service and running the im_css,exe executable from there in the hope of getting more diagnostic info, but it tried to start slapd and gave a .\slapd.conf no such file or directory error, so it's not clear where the im_ccs.exe gets started from when run as a service (certainly not the CCS\bin directory).

    I notice that in our original data directory there are four directories, ACC, ads, PLS and tls, which are not present in the data directory supplied with the CP.  I have tried starting the service both with and without these folders in the the new 14.4.1 data folder and get the same behaviour, so assume they are not the reason for what we are seeing.  I'm guessing these should be included in the 14.4.1 data folder so copied over during the upgrade?

  • 5.  RE: 14.4 CP1 upgrade and Remote Connector Server

    Posted Sep 16, 2022 05:03 AM
    Fixed now!

    It seems I was a bit too literal when following the install instructions.

    Instead of moving the new bin and data folders into the CCS directory and moving the old folders sideways, what needs to be done is copy the contents of the 14.4.1 bin and data folders into the existing bin and data folders.

    This is because there are three config files, etrust_admin.conf, im_ccs.conf and reg_path.conf that are not present in the CP1 install files and need to be present for the CCS service to start successfully.

    The media write errors were due to not being able to open one of these three files.

    I hope this can be of use to anyone else who runs into this when upgrading to 14.4.1.  It is a shame that installers have been removed and this all has to be done manually now.