Installation and Upgrade Guides › SiteMinder Upgrade Guide › Troubleshoot a SiteMinder Key Database Migration

Troubleshoot a SiteMinder Key Database Migration

Status of CA SiteMinder® Key Database Migration Unknown

Symptom:

I know that a Policy Server was upgraded. However, I am not sure that the smkeydatabase migration to the certificate data store was successful.

Solution:

Use the smkeydatabase migration utility (smmigratecds) to verify that the migration was successful.

Note: The default location of this utility is siteminder_home\bin.

siteminder_home

Specifies the Policy Server installation path.

Follow these steps:

1. Log in to the Policy Server host system on which the smkeydatabase is collocated.
2. Do one of the following steps:
   • (Windows) Open a command prompt and run the following command:

     smmigratecds.bat -isComplete
     

     -isComplete

     Verifies that a previous migration succeeded.

   • (UNIX) Open a shell and run the following command:

     smmigratecds.sh -isComplete
     

   If the migration was successful, a message states that the system has already been migrated. If the migration failed, a message states that the system must be migrated.

Certificate Data Store Error Appears

Symptom:

I received a message stating that the certificate data store is not configured.

Solution:

Follow these steps:

1. If you are upgrading from r6.x, extend the policy store schema.
2. Log in to the Policy Server host system.
3. Run the following command:

   XPSDDInstall CDSObjects.xdd
   

   The policy store schema is extended to support the certificate data store.

4. Do one of the following steps:
   • (Windows) Open a command prompt and run the following command:

     smmigratecds.bat -validateInstall
     

     validateInstall

     Verifies if the certificate data store is installed correctly.

   • (UNIX) Open a shell and run the following command:

     smmigratecds.sh -validateInstall
     

     If the certificate data store is configured correctly, a message states that the installation is valid. If the certificate data store installation failed, a message states that the installation is not valid.

5. Migrate the CA SiteMinder® key database manually.

More information:

Migrate a CA SiteMinder® Key Database Manually

Migration Failed Error Appears

Symptom:

I received a message stating that the smkeydatabase migration failed.

Solution:

The migration utility (smmigratecds) compared the contents of the smkeydatabase to the certificate data store and identified one or more data inconsistencies. An example of a data inconsistency is the same alias mapping to different certificates.

These inconsistencies prevented a successful migration.

Follow these steps:

1. Use the smkeydatabase migration log (smkeydatabaseMigration.log) to identify the problem.

   The log is located in siteminder_home\log.

   siteminder_home

   Specifies the Policy Server installation path.

2. Access the smkeydatabase using the smkeytool utility with the access legacy key store flag (–accessLegacyKS).
3. Resolve the data inconsistencies that resulted in the failure.

   Note: For more information about using smkeytool, see the Policy Server Administration Guide.

4. Migrate the smkeydatabase manually.

More information:

CA SiteMinder® Key Tool

Migrate a CA SiteMinder® Key Database Manually

Symptom:

I want to migrate smkeydatabase certificate data to the certificate data store manually.

Solution:

Use the smkeydatabase migration utility (smmigratecds).

Follow these steps:

1. Be sure that all smkeydatabase instances are synchronized.
2. Log in to the Policy Server host system on which the smkeydatabase is collocated.
3. Do one of the following steps to verify that the certificate data store is configured correctly:
   • (Windows) Open a command prompt and run the following command:

     smmigratecds.bat -validateInstall
     

     -validateInstall

     Verifies that the certificate data store is installed correctly.

   • (UNIX) Open a shell and run the following command:

     smmigratecds.sh -validateInstall
     

4. Do one of the following steps to compare the contents of the smkeydatabase to the certificate data store. Comparing the contents identifies data inconsistencies that can prevent a successful migration:
   • (Windows) Run the following command:

     smmigratecds.bat -validate -log log_file
     

     -validate

     Compares the contents of the smkeydatabase to the certificate data store.

     -log

     Sends the validation results to a log.

     log_file

     Specifies the name of the log file and the location to which the utility sends it.

     Example: -log "C:\Progam Files\Sample\Logs"

   • (UNIX) Run the following command:

     smmigratecds.sh -validate -log log_file
     

5. (Optional) If data inconsistencies exist, use the log file to identify the problem.
6. Do one of the following steps to begin the migration:
   • (Windows) Run the following command:

     smmigratecds.bat -migrate -log log_file
     

     -migrate

     Migrates the smkeydatabase to the certificate data store.

     -log

     Sends the migration results to a log.

     log_file

     Specifies the name of the log file and the location to which the utility sends it.

     Example: -log "C:\Progam Files\Sample\Logs"

   • (UNIX) Run the following command:

     smmigratecds.sh -migrate -log log_file
     

7. (Optional) If the migration fails, use the log file to identify the cause.