Manually Check for Issues with Custom Binaries and Authentication Schemes
Valid for 12.5x
casso1283
Valid for 12.5x
The UpgradeReadinessCheck tool can help you examine your readiness for 64-bit Policy Server upgrade. The Policy Server installer runs the Upgrade Readiness tool automatically during upgrade and also installs the tool. When the tool is run from the installer during the upgrade, a report is generated and displayed on the installer screen with the details of the 32-bit custom binaries. You can abort the installer at this point or choose to continue and run the tool manually later to identify the 32-bit custom binaries.
Run this tool to identify 32-bit custom binaries that are configured in policy store and all the unsupported authentication schemes. Ensure that all the following reported binaries are 64-bit before starting Policy Server.
- Custom binaries that are configured and are 32-bit. These binaries are not compatible with the 64-bit Policy Server.
- Custom binaries that are configured but are not available in lib or bin.
- Authentication schemes that are configured in the policy store but are no longer supported.
The tool searches for custom binaries in
PS_install
\bin and PS_install
\lib and their subfolders only.Logging
By default, the Upgrade Readiness tool creates a log file named UpgradeReadinessCheck_
timestamp
.txt in one of the following locations, when the tool is run manually:- PS_install\log(Windows)
- PS_install/log (Linux)
When the tool is run from the installer during upgrade, log files are created in
siteminder\install_config_info
folder.: You can optionally specify an alternative location for the log file using the
-of
command-line option.The tool lists unsupported authentication schemes and 32-bit custom binaries of the below categories:
- Authentication schemes of type ‘Custom’
- Directories with Namespace of type ‘Custom’
- Policy Expressions
- Active Rules
- Active Responses
The log file lists the following details for every problematic custom binary and unsupported authentication scheme:
- Binary Name: Specifies the binary name as configured in the Administrative UI.
- Object Name: Specifies the object name as configured in the Administrative UI.
- Object Type: Specifies the type of the object such as directory, authentication scheme, response.
- Object Path: Specifies the path of the object as configured in the Administrative UI.
- Binary Path: Specifies the location of the binary in the bin and lib folders if available. If no binaries are found, the message 'Couldn't find this binary in lib or bin' is displayed.
- Description: Displays if the binary is 32-bit and if the bitness cannot be determined, the message 'Couldn't determine the bitness' is displayed.
To run the tool:
- Verify that the Policy Server is running.
- (Linux) Enter the following command:source ca_ps_env.ksh
- (Optional) Perform this step only if you have changed the authentication port of the Policy Server from 44442 to a different port number.
- Add an environment variable namedURC_AUTHENTICATION_PORTand set the value with the authentication port (TCP) of Policy Server.Example:Linux: export URC_AUTHENTICATION_PORT=32222Windows: set URC_AUTHENTICATION_PORT=32222
- Enter the UpgradeReadinessCheck command and options in the following format:UpgradeReadinessCheck -uusername[-ppassword] [-oflogfilepath]
- -u– Specifies the username of the Policy Server super user accountusername
- -p(Optional) – Specifies the password of the Policy Server super user accountpasswordIf you specify the password using the-poption, the password is visible on screen. To avoid displaying the password, do not specify the-poption; the tool prompts you to enter the password and obfuscates it on screen.
- -of(Optional) – indicates the location where the output log file is created; specify the complete path with the file extension as shown in the following example. If you do not specify this value, the log file is created in the default location.logfilepathUpgradeReadinessCheck -u siteminder -p password -of C:\SSOtest\test1234.txt
Executing the command without any parameters displays the help information. - Review the information displayed on screen or in the log file. If all binaries are 64-bit, the message "No upgrade problems found..." is displayed.