Follow

certadm process shows defunct after provisioning to AIX

Applies To:

Venafi Encryption Director 8.0 and Above

OpenSSH 5.X

 

Symptom:

When pushing certificates to AIX servers, failed to connect errors appear on the Director console.

After attempting to provision to AIX, the process goes defunt.

certadm 7536892 13238272 0 15:02:27 - 0:00 sshd: certadm@pts/1
certadm 12976208 7536892 8 0:00 <defunct>
root 13238272 7012442 0 15:02:26 - 0:00 sshd: certadm [priv]

 

Cause:

This issue is caused by a bug in OpenSSH.  We have created a workaround in the Director product to accommodate the issue.

Resolution:

Upgrade OpenSSH to a 6.X version.

Workaround:

  1. Download the XML file here.
  2. Open up the XML file and modify the following line to reflect the policy container and the device name.
    Note: This XML file can either create a new device object or modify the existing one.
    <?xml version="1.0" encoding="utf-8"?>
    <ConfigSchema Type="Export" noNamespaceSchemaLocation="schematool.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <CreateObject Parent="\VED\Policy\TestingPolicy" Name="AIX_DEVICE" class="Device">
            <Attribute Name="Remote Server Type">OS_AIX|04/03/2023 19:45:14</Attribute>
        </CreateObject>
        <Policy />
    </ConfigSchema>
  3. Remote Desktop to the Director Server.
  4. Open up a CMD prompt and run as administrator.
  5. CD to Drive:\Venafi\Platform
  6. Run SchemaTool.exe with the following parameters.
    schematool.exe <Admin_User> <Password> <XML File>

    Example:
    schematool.exe admin Passw0rd AIX_Device.xml
  7. The appropriate attributes have been created on the device object in question.
  8. Provisioning should now work

 

Was this article helpful?
0 out of 0 found this helpful

Comments