Uagent column in Unix Manager scans yellow or displays psekfile? (NETIQKB47052)

  • Document ID:7747052
  • Creation Date:02-Feb-2007
  • Modified Date:19-Apr-2012
    • Micro Focus Products:
      Secure Configuration Manager

Environment

NetIQ Security Agent for Unix 5.6

Unix Manager 5.6

Situation

Scanning the host In Unix Manager the Uagent column shows 'psekfile?' and is yellow
Re-Generating the Unix agent to Unix Manager psekfile encryption key reports 'Unable to update key for host ($HOSTNAME) Couldn't find key that works.'

Resolution

  1. The psekfile encryption key has not been created.  To create the psekfile encryption key file:
    • In Unix Manager Click Manage Agents> License > Re-Generate keys.
    • Select the appropriate host or hosts.
    • Click OK.
    • When the regeneration process finishes, click Hosts > Scan Hosts.
  2. The psekfile encryption key exists but is either corrupt or was created by another Unix Manager Console.  When this happens, the Re-Generate keys process will report  'Unable to update key for host ($HOSTNAME) Couldn't find key that works.'  Either remove/recreated the key or import the key in it was previously exported.
    • Remove/Recreate
      1. Log in to the Unix machine as root.
      2. Change to the PSHOME/vsaunix/{OS}/bin directory.  PSHOME is the base directory on the Unix OS where the agent is installed.  If not known look at its value in /etc/vsaunix.cfg.   {OS} is the specific Unix OS flavor,  use   uname -s   to find its value but this should be automatically populated in the directory structure.
      3. Remove  psekfile.
      4. Run the Re-Generate Keys step again
    • Import the key file ( .psh)
      1. In Unix Manager > Manage Agents > Hosts > Edit Hosts > click Import Hosts > browse to the .psh file and highlight > Open
  3. There is host name resolution issues from the Unix Manager to the Unix agent system.
    • If so then using the IP Address of the Unix agent system when adding the host into Unix Manager should work.  But check DNS and other naming mechanism to ensure proper configurtion of the host name.  In some cases adding the Unix agent systems host name to the local hosts file on the Unix Manager workstation will resolve this.

Cause

  1. The psekfile encryption key has not been created     or
  2. The psekfile encryption key exists but is either corrupt or was created by another Unix Manager console    or
  3. There is host name resolution issues from the Unix Manager to the Unix agent system.

Additional Information

Formerly known as NETIQKB47052