Question & Answer
Question
There are server definitions listed in the output from the pdadmin "server list" command that no longer exist. Is there a way to remove these definitions?
Answer
The following steps can be used to clean up stale TAM server definitions. A stale server is defined as an entry listed in the "pdadmin server list" output, but the actual server no longer exists.
For example,
pdadmin sec_master> server list
p1080-webseald-amaix13.example.com
ivacld-amaix24
pdosd-amos.example.com
customapp-sys12
JACC_-494476285-earth
Authz_-2031068014-earth
The above is broken into the following
Application name: p1080-webseald
Hostname: amaix13.example.com
Application name: ivacld
Hostname: amaix24
Application name: pdosd
Hostname: amos.example.com
Application name: customapp
Hostname: sys12
Application name: JACC_-494476285
Hostname: earth
Application name: Authz_-2031068014-earth
Hostname: earth
In general, the convention is appname-hostname, where appname may contain dashes as well like WebSEAL definitions.
The commands below will remove these entries. Run the command on the Policy Server.
UNIX
svrsslcfg -unconfig -f /dev/null -n p1080-webseald -h amaix13.tivlab.austin.ibm -A sec_master -P *****
svrsslcfg -unconfig -f /dev/null -n ivacld -h amaix24 -A sec_master -P *****
svrsslcfg -unconfig -f /dev/null -n pdosd -h amos.example.com -A sec_master -P *****
svrsslcfg -unconfig -f /dev/null -n customapp -h sys12 -A sec_master -P *****
svrsslcfg -unconfig -f /dev/null -n JACC_-494476285 -h earth -A sec_master -P *****
svrsslcfg -unconfig -f /dev/null -n Authz_-2031068014-earth -h earth -A sec_master -P *****
Windows
Create an empty file name C:\TEMP\EMPTY.CONF
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n p1080-webseald -h amaix13.tivlab.austin.ibm -A sec_master -P *****
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n ivacld -h amaix24 -A sec_master -P *****
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n pdosd -h amos.example.com -A sec_master -P *****
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n customapp -h sys12 -A sec_master -P *****
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n JACC_-494476285 -h earth -A sec_master -P *****
%PD_HOME%\sbin\svrsslcfg.exe -unconfig -f C:\TEMP\EMPTY.CONF -n Authz_-2031068014 -h earth -A sec_master -P *****
It should be noted the svrsslcfg command only reports a failure when it cannot communicate to the Policy Server. The rest of the time it reports success. So, ensure the spellings match between the "server list" output and command line. Always verify with the "server list" command the server was actually removed.
!!!!WARNING!!!!
This will remove the server definition from the policy database and the associated entries from
the User Registry. Make certain the server being removed is truly not in use.
As a precaution, it is best to run a pdbackup and take a backup of the user registry as a well.
Product Synonym
TAMeB
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21496607