Invalid or Stale Server Definitions.

Question & Answer

Question

There are server definitions listed in the output from the pdadmin "server list" command that no longer exist. Is there a way to remove these definitions?

Answer

The following steps can be used to clean up stale TAM server definitions. A stale server is defined as an entry listed in the "pdadmin server list" output, but the actual server no longer exists.

For example,

pdadmin sec_master> server list
p1080-webseald-amaix13.example.com
ivacld-amaix24
pdosd-amos.example.com
customapp-sys12
JACC_-494476285-earth
Authz_-2031068014-earth

The above is broken into the following

Application name: p1080-webseald
Hostname: amaix13.example.com

Application name: ivacld
Hostname: amaix24

Application name: pdosd
Hostname: amos.example.com

Application name: customapp
Hostname: sys12

Application name: JACC_-494476285
Hostname: earth

Application name: Authz_-2031068014-earth
Hostname: earth

In general, the convention is appname-hostname, where appname may contain dashes as well like WebSEAL definitions.

The commands below will remove these entries. Run the command on the Policy Server.

UNIX
svrsslcfg -unconfig -f /dev/null -n p1080-webseald -h amaix13.tivlab.austin.ibm -A sec_master -P *****

svrsslcfg -unconfig -f /dev/null -n ivacld -h amaix24 -A sec_master -P *****

svrsslcfg -unconfig -f /dev/null -n pdosd -h amos.example.com -A sec_master -P *****

svrsslcfg -unconfig -f /dev/null -n customapp -h sys12 -A sec_master -P *****

svrsslcfg -unconfig -f /dev/null -n JACC_-494476285 -h earth -A sec_master -P *****

svrsslcfg -unconfig -f /dev/null -n Authz_-2031068014-earth -h earth -A sec_master -P *****

Windows
Create an empty file name C:\TEMP\EMPTY.CONF

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n p1080-webseald -h amaix13.tivlab.austin.ibm -A sec_master -P *****

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n ivacld -h amaix24 -A sec_master -P *****

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n pdosd -h amos.example.com -A sec_master -P *****

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n customapp -h sys12 -A sec_master -P *****

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n JACC_-494476285 -h earth -A sec_master -P *****

%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n Authz_-2031068014 -h earth -A sec_master -P *****

It should be noted the svrsslcfg command only reports a failure when it cannot communicate to the Policy Server. The rest of the time it reports success. So, ensure the spellings match between the "server list" output and command line. Always verify with the "server list" command the server was actually removed.

!!!!WARNING!!!!
This will remove the server definition from the policy database and the associated entries from
the User Registry. Make certain the server being removed is truly not in use.

As a precaution, it is best to run a pdbackup and take a backup of the user registry as a well.

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Base","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1;6.0;6.1;6.1.1;7.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

TAMeB

Was this topic helpful?

Document Information

Modified date:
16 June 2018

UID

swg21496607

Tips