Workaround to Ensure that Sentinel 7.4 and Change Guardian 4.1.1 Integration Works Seamlessly

  • 7017029
  • 30-Nov-2015
  • 01-Dec-2015


NetIQ Sentinel 7.4 Sentinel Server
NetIQ Change Guardian 4.1.1


Change Guardian integration does not work as expected. 


The recommended solution is to simply upgrade to Change Guardian 4.2.  

If for some reason the CG box cannot be upgraded then the next best workaround is to downgrade the Java version on the Sentinel server to JRE 8 update 45.  This allows Change Guardian integration to work seamlessly.  

Steps to downgrade the java version of the Sentinel server. Stop Sentinel.

  1. Stop Sentinel. 
  2.  Go to the Sentinel installation directory (default installation directory is /opt/novell/sentinel) and back up the current jdk folder by running the following command: mv jdk jdk_60 
  3.  Go to the Java SE 8 Archive Downloads web page and download the server-jre-8u45-linux-x64.tar.gz file. 
  4.  Copy the server-jre-8u45-linux-x64.tar.gz file to the Sentinel installation directory.
  5.  Extract server-jre-8u45-linux-x64.tar.gz and rename it as jdk. 
  6.  Set the owner, group, and other file permissions for the newly created jdk directory to the novell user by running the following commands: chown -R novell:novell jdk chmod go-rwx jdk -R 
  7.  Start Sentinel. 
  8.  Run the following command to verify the Java version: /opt/novell/sentinel/jdk/jre/bin/java -version Java version displayed as output for this command should be “1.8.0_45”.   


This issue occurs because Sentinel 7.4 includes Java version 8 update 60, which removes RC4 ciphers. But, Change Guardian uses RC4 ciphers to communicate with Sentinel.