Known Issues and Bugs

This section describes the known issues in the Sun OTP 2.0 release.

Sun OTP Installation Fails When Sun OTP System Management Service Attempts to Install (6587478)

When you install the Sun OTP system management service using -installManagement of the deployOTP script or the Graphical User Interface (GUI), you might get the following error message:

postgres is already in use

Workaround:

Apply this workaround before running -installManagement in the silent installation or run Step 5 Install System Management Service in the GUI installation.

1. Open the /etc/nsswitch.conf file.

2. Remove all the entries in the file except the files entry from passwd and group lines.

3. Rerun the Install System Management plan.

   # /opt/SUNWotp/cli/deploy_otp --installManagement --file /export/input_otp.dat

jesHANodeList Variable Value Should Have the Correct Syntax (6582146)

When you prepare the Sun OTP host plan worksheet, ensure that the syntax of the jesHANodeList variable is h1_hostName:h1_zoneName+h2_hostName:h2_zoneName. Otherwise, you might get the following error message during installation:

No primary node could be found for resource group

nodeType Variable Has to be Set Correctly (6588817)

While creating and configuring the non-global zone, ensure that the value of the nodeType variable is correct and the same as for the global zone of the respective cluster node. The values of the nodeType variable can be single, first, or additional.

Sun OTP Shared Filesystem /var/js Does Not Have an /etc/vfstab Entry (6616595)

The Network File System (NFS) High Availability agent logs a message to the /var/adm/messages file when the exported directory does not reside on a shared storage. This applies to a single-node deployment scenario of Sun OTP.

The following message is displayed:

WARNING: Share path /var/js may be on a root file system or any file system that does not have an /etc/vfstab entry.

This message can be safely ignored.

Invalidate Sun OTP Security Service Session in Web SSO Does Not End the Sun OTP System Management Service Session (6579392)

When you invalidate the Sun OTP security service in Web SSO, the Sun OTP application provisioning service session ends. However, the Sun OTP system management service session does not end.

Web SSO Might Not Work if Old Cookies Are Stored in the Browser (6629927)

Web SSO feature might not work correctly if old cookies are stored in the browser.

Workarounds:

Use any one of the following methods:

• Stop and restart all the instances of the browser. This process clears all the nonpersistent cookies.

• Log out and log in to the Web SSO.

• Remove all the cookies stored in the web browser.

Deleted Web SSO User Cannot be Added Again (6629420)

You cannot add a new Web SSO user with the same name of a deleted Web SSO user. The following error message is displayed in the /var/OTP/SUNWotp.log file.

FATAL: Failed to execute /var/otp/spsotp/N1_Service_Provisioning_System_5.2//cli/bin/cr_cli -cmd udb.u.add -nu sso111 -np

***** -ng NM:admin exp:/var/tmp/aaakKaGo5 2>&1" - error code 1 !

FATAL: Command Output:A user with that username already exists. (015110)

Workarounds:

Use any one of the following methods:

• Do not delete users which might be recreated in the future. Instead set such passwords of these users, which are difficult to guess.

• Use a different user name for the new user.

N1SPS Restore Plan Does Not Enable Multiple Simultaneous Restore Operations (6610453)

Check if the security service is running on a node before attempting to run the Backup and Restore plans.

Workaround:

Using the GUI, make the following changes in the Restore plan:

1. Add options to restore N1SPS, N1SM, or the security service to make the security service consistent with the GUI of the Backup plan.

2. Provide the name of the backup directory as an input for the Restore plan. The backup directory is the directory used in the Backup plan. This directory should be consistent across all nodes. You do not need to type different file names for different nodes.

---

Note –

You cannot run the Restore plan in multiple nodes simultaneously as different nodes cannot stop or start the Resource Group system at the same time.

---

lucreate Tries to Access and Verify Nonaccessible Slices (6625672)

The operating system upgrade plan fails if an inaccessible slice is included in the /etc/vfstab file.

Workaround:

Remove or comment out the nonaccessible slices from the /etc/vfstab file.

otp-eng-s13:/opt/SUNWotp# grep c0t1d0s6 /etc/vfstab 
#/dev/dsk/c0t1d0s6      /dev/rdsk/c0t1d0s6      /otp1.1 ufs     3       yes -
otp-eng-s13:/opt/SUNWotp# 

Self-Contained Installation Server Fails (6622214)

Self-contained installation server fails after the zone installation step.

Workaround:

Due to N1 SPS limitations, you can only use the files and DNS naming service for the Sun OTP provisioning server. If your deployment depends on NIS or NIS+ for resolving names, add the logicalhostname/logicalip mapping to the /etc/hosts file.

SPS Running on a Cluster Node Cannot be Used to Change Web SSO User Password (6629114)

This configuration is not supported. If the system is installed from a Sun OTP provisioning server or from a SPS that resides on a different cluster, the SPS on the installed cluster does not contain any information about the installed components. Therefore, no Web SSO plans can be invoked from the SPS on the newly installed cluster.

Restoring the High Availability Functionality Is Not Available (6633849)

This feature is not supported. You can back up a Sun OTP cluster configuration, but cannot restore it.

During the Execution of Web SSO Install Plan, the Primary Node Fails Due to Lack of Available Swap Space on the System (6634367)

Workaround:

Do not cancel the SPS plans while deploying Sun OTP using N1SPS BUI. This feature is not supported SPS version 5.2.4

Setup Configuration Plan Does not Update the otp.reg File (6640598)

You can change the type of the node, that is, single, first, or additional, only if no other plan apart from the Setup Configuration plan is executed. Changing the node in the later stages is not supported.

Workaround:

1. Modify the following N1SPS variable:

   • hostType for a GUI installation

   • hx_hostType in the .dat file for a CLI installation

2. Log in to the server where you need to change the node type.

3. Remove the line starting with NODE_TYPE= from the /var/OTP/otp.reg file.

4. Rerun the Setup Configuration plan.

Deletion of the N1SPS OTP Plug-in Requires the Deletion of all Hosts (6458703)

While running the plan to configure the first node of the cluster, deletion of N1SPS OTP plug-in fails after reboot due to cluster configuration, and fails to run n1smconfig.

Workaround:

Before deleting the N1SPS OTP plug-in, delete all the hosts that use the plug-in. Otherwise, the plug-in deletion fails.

To delete a plug-in, do the following:

1. Delete all the host that used the N1SPS OTP plug-in.

2. Delete the N1SPS OTP plug-in.

Single Node Installation Fails if a Shared Volume /var/js is Created (6579762)

Workaround:

For a single node installation, do not create a shared volume /var/js for N1SM. The installation fails if you create a shared volume.

N1SM create os and SPS import os Plans Cannot be Run Simultaneously (6531142)

You cannot run the create os and import os plans simultaneously.

Workaround:

Run these commands in a sequence.

Web SSO Installation Fails After the Successful Execution of the Install Web SSO Plan (6642359)

Workaround:

Monitor the /var/OTP/SUNWotp-debug.log file to check whether the resource group otp-system-rg has been restarted. If the resource group has not been restarted, restart the resource group manually by typing the following command on any node of the cluster:

/usr/cluster/bin/clrg online otp-system-rg

SPS Patch Installation Failure Is not Detected in Sun OTP (6611833)

Workaround:

Install the correct versions of the patches.

• For SPARC:

  Type the following command:

  cd $sparc_mediapath/Products/Patches

  ./OTP_patch_install -R /var/js -A sparc -L /var/tmp/OTPInstaller.log n1sps

• For x86:

  Type the following command:

  cd $x86_mediapath/Products/Patches

  ./OTP_patch_install -R /var/js -A x86 -L /var/tmp/OTPInstaller.log n1sps

Sun OTP Registry Cannot be Backed up Separately (6633845)

You can back up the Sun OTP registry as part of the Backup All plan. This module cannot be backed up separately.

Sun OTP 2.0 Ports are Not Configurable (6564838)

You cannot install Sun OTP version 2.0 if the Sun OTP ports are already being used by other applications.

You Cannot Include metadb Using lucreate (6625690)

You cannot use the lucreate command to include metadb.

Workaround:

After rebooting in to the boot environment, which has the updated operating system and Sun Cluster, apply following steps:

metadb -a -c 6 new_metadb_slice

metadb -d old_metadb_slice

Enable High Availability Service Plan Fails with Error Configuring Access Manager(6641978)

The openssl command timeout could result in potential failure of a running SPS plan during deployment

Workaround:

1. Modify the /var/OTP/otp.reg file located in the relevant zone.

   Change COMP|ACCESSMANAGER|STATUS=Failed to the following:

   COMP|ACCESSMANAGER|STATUS=Configured

2. Stop all the running Web Server instances by typing the following command:

   /opt/SUNWotp/framework/webserver/jes_ws.pl --run stopInstance

3. Rerun the configure High Availability plan.

Access Manager CLI amadmin Throws an Authentication Error (6547158)

After the security services installation, Access Manager CLI amadmin fails with authentication login exceptions.

Workaround:

1. Log in to Access Manager at https://VIP:3224.

   The user name and password are the values you specified during the Sun OTP installation. For example, user name can be otpadmin and password can be admin.

2. Select Realm—>Domain—>Authentication tab—>Advanced Properties in the Access Control tab.

3. Uncheck Agent under Identity type and click save config.

4. Disable the Access manager services on the node where changes were made for a multinode deployment.

   # /usr/cluster/bin/clrg set -p RG_System=false otp-security-rg

   # /usr/cluster/bin/clrs disable -n <node:zone_name> otp-ws-rs

5. Re-log in to at https://VIP:3224. Note that this time the URL will point to other Access Manager instance. Repeat steps 3 and 4.

6. Enable the Access manager services on all nodes.

   # /usr/cluster/bin/clrs enable -n <node:zone_name> otp-ws-rs

   # /usr/cluster/bin/clrg set -p RG_System=true otp-security-rg

SPS Plans for the Config Audit tool Does Not Work as Expected (6658672)

Before running the Config Audit tool, the Explorer should be run once. This is to get the Explorer ID as one of the parameters for running the Config Audit tool. But the requirement for Config Audit is to have the latest explorer ID after installing the config audit packages. This requires the user to run the Config Audit tool twice.

The otpadmin User for WebSSO Does Not Have All Privileges Required for Sun Cluster Administration (6660124)

After WebSSO is enabled, if a otpadmin user logs in to the Sun Cluster web console on port 6789, it is seen that the otpadmin user does not have privileges for enabling or disabling the resources and resource groups, changing properties and performing other administration tasks.

Workaround:

On the OTP system(s), do the following:

1. Open the /etc/user_attr file.

2. Replicate the entry for root in the file and replace root with otpadmin in the new entry.

3. Save the file.

4. Log out and log in using WebSSO.

   The various options are now enabled on the Sun Cluster web console.