Symantec Access Management


Tech Tip : CA Single Sign-On : Class is Unidentified Errors While Configuring Policy Store Replication 

May 07, 2018 05:26 AM

Issue:


We followed the CA Directory documentation below to set up policy store replication between 2 DSAs, and we are getting multiple class "xxxxx" is undefined errors via the console:

(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined.
(ERROR) : [sm-xpsxps-00270] Class 712809123 is undefined.
(ERROR) : [sm-xpsxps-00270] Class 1397826539 is undefined.

This issue is observed only when we set up policy store replication between 2 DSAs.

We have set up Multiwrite-DISP replication between DSAs as documented:

https://docops.ca.com/ca-directory/12-6/en/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/example-set-up-multiwrite-disp-replication-between-dsas

How can we resolve this?

 


Environment:


Policy Server = Version: 12.7; Update: 00.00; Build: 1194; CR: 00; on Red Hat Enterprise Linux Server release 6.9

CA Dir as Policy Store = dxserver 12.6.03 (build 14056) on Red Hat Enterprise Linux Server release 6.9

 


Cause:


The "class is undefined" errors occur because both policy stores were initialized separately and “multi-write DISP recovery” was enabled only afterwards.

However, according to the documentation https://docops.ca.com/cad126/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/add-a-dsa-to-a-multiwrite-disp-system, the second store needs to be an empty one.

 


Resolution:


Follow the steps below to correctly configure policy store replication:


1) Created a new instance of CA Directory (ps1) and followed the documentation https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-a-ca-directory-policy-store to configure it as the policy store for Policy Server 1. All default objects were imported to the policy store and XPSRegClient worked perfectly fine. Policy Server 1 was then stopped.

2) Created a new instance of CA Directory (ps2) on a different machine. Only the config and initialization files were changed. None of the steps from the topic “Open the DSA” were performed, so this store did not have any data in it.

3) Followed the steps in the document https://docops.ca.com/cad126/administrating/set-up-replication/multiwrite-replication-with-disp-recovery-multiwrite-disp/example-set-up-multiwrite-disp-replication-between-dsas/ to enable multi-write DISP recovery between the two policy stores (ps1 and ps2 respectively).

4) Verified the CA Directory logs and confirmed that the replication was successful.

5) Connected to ps2 using JXplorer and observed that the objects got replicated successfully.

6) Pointed Policy Server 2 to the ps2 instance and observed that the Policy Server started successfully.

7) Executed XPSRegClient on Policy Server 2; the command completed successfully without any errors.
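A scripted counterpart to the manual check in step 5, as an added example that is not part of the original tech tip: it compares the entry DNs in LDIF exports of ps1 and ps2 and lists anything missing from the replica. The function names and sample DNs are constructed for illustration, and how the LDIF is exported from each DSA is left to your directory tooling.

```python
import base64

def normalize(dn):
    # Case-insensitive compare, ignoring spaces around RDN separators.
    # Simplification: escaped commas inside values are not interpreted.
    return ",".join(part.strip() for part in dn.lower().split(","))

def read_dns(ldif_text):
    """Return the set of normalized entry DNs found in LDIF text."""
    logical = []
    for raw in ldif_text.splitlines():
        # RFC 2849 folding: a leading space continues the previous line.
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    dns = set()
    for line in logical:
        if line.lower().startswith("dn::"):   # base64-encoded DN
            dns.add(normalize(base64.b64decode(line[4:].strip()).decode("utf-8")))
        elif line.lower().startswith("dn:"):
            dns.add(normalize(line[3:]))
    return dns

def compare_stores(ps1_ldif, ps2_ldif):
    """Report DNs present in only one of the two exports."""
    ps1, ps2 = read_dns(ps1_ldif), read_dns(ps2_ldif)
    return {"missing_on_ps2": sorted(ps1 - ps2), "extra_on_ps2": sorted(ps2 - ps1)}

# Constructed sample exports (not real policy store data).
_B64_DN = base64.b64encode(b"cn=object-b,ou=store,o=example").decode()
PS1_SAMPLE = (
    "version: 1\n\n"
    "dn: ou=store,o=example\nobjectClass: organizationalUnit\n\n"
    "dn: cn=object-a,ou=store,o=example\nobjectClass: top\n\n"
    "dn: cn=object-with-a-long-name,\n ou=store,o=example\nobjectClass: top\n\n"
    "dn:: " + _B64_DN + "\nobjectClass: top\n"
)
PS2_SAMPLE = (  # replica export: object-b has not arrived yet
    "version: 1\n\n"
    "dn: OU=store, O=example\nobjectClass: organizationalUnit\n\n"
    "dn: CN=Object-A, OU=store, O=example\nobjectClass: top\n\n"
    "dn: cn=object-with-a-long-name,ou=store,o=example\nobjectClass: top\n"
)

if __name__ == "__main__":
    print(compare_stores(PS1_SAMPLE, PS2_SAMPLE))
```

An empty `missing_on_ps2` list means every entry exported from ps1 is also present on ps2; entries under `extra_on_ps2` suggest the second store was not empty when replication was enabled.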

 

 

KD : KB000077017
