Applies To:
Venafi Encryption Director 8.0 and Above
OpenSSH 5.X
Symptom:
When pushing certificates to AIX servers, failed to connect errors appear on the Director console.
After attempting to provision to AIX, the process goes defunt.
certadm 7536892 13238272 0 15:02:27 - 0:00 sshd: certadm@pts/1
certadm 12976208 7536892 8 0:00 <defunct>
root 13238272 7012442 0 15:02:26 - 0:00 sshd: certadm [priv]
Cause:
This issue is caused by a bug in OpenSSH. We have created a workaround in the Director product to accommodate the issue.
Resolution:
Upgrade OpenSSH to a 6.X version.
Workaround:
- Download the XML file here.
- Open up the XML file and modify the following line to reflect the policy container and the device name.
Note: This XML file can either create a new device object or modify the existing one.
<?xml version="1.0" encoding="utf-8"?>
<ConfigSchema Type="Export" noNamespaceSchemaLocation="schematool.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CreateObject Parent="\VED\Policy\TestingPolicy" Name="AIX_DEVICE" class="Device">
<Attribute Name="Remote Server Type">OS_AIX|04/03/2023 19:45:14</Attribute>
</CreateObject>
<Policy />
</ConfigSchema> - Remote Desktop to the Director Server.
- Open up a CMD prompt and run as administrator.
- CD to Drive:\Venafi\Platform
- Run SchemaTool.exe with the following parameters.
schematool.exe <Admin_User> <Password> <XML File>
Example:
schematool.exe admin Passw0rd AIX_Device.xml - The appropriate attributes have been created on the device object in question.
- Provisioning should now work
Comments