PAM stops working after upgrading 3.5.0.4 to 3.6

  • 7024346
  • 17-Dec-2019
  • 17-Dec-2019

Environment

Privileged Account Manager 3.5.0.4
Privileged Account Manager 3.6
Privileged Account Manager 3.6.0.1

Situation

PAM login doesn’t work after upgrading 3.5.0.4 to 3.6 or 3.6.0.1

Logs at /opt/netiq/npum/logs/unifid.log record the following:
Error, Failed to load library lib/regclnt: /opt/netiq/npum/service/local/regclnt/lib/regclnt.so: undefined symbol: spf_ssl_compare_cipher_node
Error, Failed to load module regclnt: 120004(configuration error)
Error, Failed to load library lib/registry: /opt/netiq/npum/service/local/registry/lib/registry.so: undefined symbol: spf_ssl_compare_cipher_node
Error, Failed to load module registry: 120004(configuration error)

Resolution

  1. Please restore PAM 3.5.0.4 by following the steps provided below. PAM keeps an internal backup of files before packages are upgraded. The solution is to move back to these original packages before proceeding to step 2 below.

    Below are examples of this operation for both Linux and Windows Managers:

    Script for Linux Manager

    # Stop PAM service
    /etc/init.d/npum stop

    # Create a folder to keep copy    of existing files
    mkdir /opt/netiq/backup_36

    # Take backup of existing files
    mv /opt/netiq/npum/bin    /opt/netiq/backup_36
    mv /opt/netiq/npum/scripts /opt/netiq/backup_36
    mv /opt/netiq/npum/lib    /opt/netiq/backup_36
    mv /opt/netiq/npum/spf.def /opt/netiq/backup_36

    # Copy the files from PAM internal    backup folders to working folders
    cp -R /opt/netiq/npum/.backup/bin /opt/netiq/npum/
    cp -R    /opt/netiq/npum/.backup/scripts /opt/netiq/npum/
    cp -R /opt/netiq/npum/.backup/lib /opt/netiq/npum/
    cp -R    /opt/netiq/npum/.backup/spf.def /opt/netiq/npum/

    # start the service
    /etc/init.d/npum    start

    Steps for Windows Manager

    1. Stop PAM service.
      e.g. Command prompt: net stop npum
      Or Services console: stop “NetIQ Privileged Account Manager” service
    2. Take a backup of the existing and following folders/files from the installation path (default C:\Program Files):
      <install path>\netiq\npum\bin
      <install path>\netiq\npum\lib
      <install path>\netiq\npum\spf.def
    3. Replace the working folders/files with the files from PAM internal backup folder
      <install path>\netiq\npum\.backup\bin  ->  netiq\npum\
      <install path>\netiq\npum\.backup\lib  ->  <install path>\netiq\npum\
      <install path>\netiq\npum\.backup\spf.def  ->  <install path>\netiq\npum\
    4. Start the service.
      e.g. Command prompt: net start npum
      Or Services console : start “NetIQ Privileged Account Manager” service


  2. Chose one of the following upgrade paths, which should be successful:
  • Upgrade from 3.5.0.4 to 3.5.0.5 and then proceed to upgrade to the 3.6.x version.
  • Upgrading from 3.5.0.4 to 3.6.0.2 doesn't have this issue. Packages pulled from the channel provides 3.6.0.2 packages and not 3.6/3.6.0.1.