certadm process shows defunct after provisioning to AIX

Applies To:

Venafi Encryption Director 8.0 and Above

OpenSSH 5.X



When pushing certificates to AIX servers, failed to connect errors appear on the Director console.

After attempting to provision to AIX, the process goes defunt.

certadm 7536892 13238272 0 15:02:27 - 0:00 sshd: certadm@pts/1
certadm 12976208 7536892 8 0:00 <defunct>
root 13238272 7012442 0 15:02:26 - 0:00 sshd: certadm [priv]



This issue is caused by a bug in OpenSSH.  We have created a workaround in the Director product to accommodate the issue.


Upgrade OpenSSH to a 6.X version.


  1. Download the XML file here.
  2. Open up the XML file and modify the following line to reflect the policy container and the device name.
    Note: This XML file can either create a new device object or modify the existing one.
    <?xml version="1.0" encoding="utf-8"?>
    <ConfigSchema Type="Export" noNamespaceSchemaLocation="schematool.xsd" xmlns:xsi="">
        <CreateObject Parent="\VED\Policy\TestingPolicy" Name="AIX_DEVICE" class="Device">
            <Attribute Name="Remote Server Type">OS_AIX|04/03/2023 19:45:14</Attribute>
        <Policy />
  3. Remote Desktop to the Director Server.
  4. Open up a CMD prompt and run as administrator.
  5. CD to Drive:\Venafi\Platform
  6. Run SchemaTool.exe with the following parameters.
    schematool.exe <Admin_User> <Password> <XML File>

    schematool.exe admin Passw0rd AIX_Device.xml
  7. The appropriate attributes have been created on the device object in question.
  8. Provisioning should now work


Was this article helpful?
0 out of 0 found this helpful