How do I clear or reset the domain (encrytption) keys from my Unix agent? (NETIQKB73294)

  • 7773294
  • 12-Dec-2011
  • 06-Apr-2012

Environment

NetIQ Secure Configuraiton Manager 5.8

NetIQ Security Agent for Unix 5.6

NetIQ Security Agent for Unix 7.1

Situation

How do i clear the domain keys from my unix agent?
My unix agent is registered to another core services what do I do?

Resolution

 

 

Manual reset of SCM encryption Keys for 7.1 and 5.6 Unix Agents

 

1) Remove the system from SCM under IT Assets in both the Managed Groups and Managed Systems

    tabs by right clicking on the host, then select Delete.  Also check under > Agents  > OS

    > Unix and remove it here if its still exists.  It should get removed from this location

    when removed from Managed Groups but in some rare cases it remains.

 

2) Remove the key files from the Unix agent.  Note that PSHOME below refers to the agent base

   installation directory.  If its value is not known then look in /etc/vsaunix.cfg to findfor

   this value.  {OS} applies to the 5.6 agent only and is value can be found bu running the

   uname -s  command on the Unix OS.

       a) 5.6 Unix Agent

           > Run the PSHOME/vsaunix/{OS}/vsau/bin/stopca script to stop the VigilEntAgent

             process.  If a ps command still shows it running after the script completes

             it can be stopped with kill -9.

           > Remove any of the following files if they exist.        

                - PSHOME/vsaunix/{OS}/vsau/local/cache/secret827

                - PSHOME/vsaunix/{OS}/vsau/local/cache/secretkey827

                - PSHOME/vsaunix/{OS}/vsau/local/cache/Agent827.guid

                - PSHOME/vsaunix/{OS}/vsau/local/cache/Endpoint203.guid

                - PSHOME/vsaunix/{OS}/vsau/local/cache/va

                - PSHOME/vsaunix/{OS}/cmnagent/tmp/*

 

       b) 7.1 Unix Agent

           > Run the PSHOME/netiq/vsau/bin/stopca script to stop the VigilEntAgent process.

             If a ps command still shows it running after the script completes it can be

             stopped with kill -9.

           > Remove any of the following files if they exist.        

                - PSHOME/netiq/vsau/local/cache/secret827

                - PSHOME/netiq/vsau/local/cache/secretkey827

                - PSHOME/netiq/vsau/local/cache/Agent827.guid

                - PSHOME/netiq/vsau/local/cache/Endpoint203.guid

                - PSHOME/netiq/vsau/local/cache/va

                - PSHOME/netiq/cmnagent/tmp/*

 

3) Re-add the system back into Secure Configuration Manager Console

     > Right click on Manage Systems  > Manage System

     > Follow the wizard and re-add the system

 

4) Test the endpoint to see if its working OK

     > Run the 'System Uptime' task.  This will validate that the encryption keys to get

       SCM back onto the agent are working or not.

     > Also run the check 'Accounts with UID of 0' to test the check portion of the agent.

     Tasks and checks are run differently.  In some cases tasks might work and checks not.

     If this is the case then please contact NetIQ Support. 

Cause

The domain keys for the Unix agent originally registered core sevices have been lost or are out of snyc and the new need created.

Additional Information

Formerly known as NETIQKB73294