000016035 - Are external database updates needed when upgrading RCM 6.7 to RCM 6.8?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000016035
Applies ToRSA Certificate Manager 6.8
IssueWhat database updates are needed when upgrading RCM 6.7 to RCM 6.8?
When modifing a jurisdiction after upgrading RCM, an error "Failed to modify the configuration" occurs

Unable to uncheck "Enforce profile definition" option in a jurisdiction and unable to save changes.  If Microsoft ADAM is being used for High Availability (HA) with RSA Certificate Manager, the following messages show in the db plugin log after the attempt to update the jurisdiction:

Logging started at Wed Jun 03 13:30:09 2009
Failed to modify entry: rcm-0xudaDN=IDXEQ222333444CCCDDD555666777EEE111XSEPCNXEQDOMAINSXSEPCNXEQCONFIG,CN=RSACM,DC=domain,DC=com [LDAP error 16]
Failed to modify entry: rcm-0xudaDN=IDXEQ111111222222AAAAAA333333CCCCCCXSEPCNXEQDOMAINSXSEPCNXEQCONFIG,CN=RSACM,DC=domain,DC=com [LDAP error 16]
Failed to modify entry: rcm-0xudaDN=IDXEQAAAAADDDDDD3333333ABABABAB12312312XSEPCNXEQDOMAINSXSEPCNXEQCONFIG,CN=RSACM,DC=domain,DC=com [LDAP error 16]

Resolution

When using external directory with RSA Certificate Manager for High Availability, ensure that schema is updated on the external directory (the example below is for Microsoft ADAM, but similar instructions/ldif for SUN One Directory Server are also available):

  RCM 6.7 upgraded to RCM6.8 Build 514 - run 67to68rcm-active-directory-schema.ldif
  RCM 6.7 upgraded to RCM6.8 Build 515 - run 67to68rcm-active-directory-schema.ldif and 67to68rcm-active-directory-schema-update.ldif
  RCM 6.7 upgraded to RCM6.8 Build 516 - run 67to68rcm-active-directory-schema.ldif and 67to68rcm-active-directory-schema-update.ldif


When internal default db is being used with RSA Certificate Manager, and dropped in Build 515 or higher after upgrading to RCM 6.8 Build 514, remember to run the following to update schema:

https://hostname:admin-port/ca/admin/updateprofiles6.8.xuda
https://hostname:admin-port/ca/admin/schemaUpdate.xuda

Restart the RCM "Secure Directory Service"

If you are using the full release of build 515 or higher to perform an upgrade then the schema changes for the internal database are already built in and no manual updates are required.
Legacy Article IDa46333

Attachments

    Outcomes