12.6 XPSSweeper integrity check tool reports errors that cannot be fixed automatically.

Document ID : KB000004925
Last Modified Date : 14/02/2018
Issue:

When running: XPSSweeper -a -changeset Changesetfile.txt -report Reportfile.txt

The report text file contains the following errors, and no changeset file is produced because, as the report says, these errors cannot be fixed automatically.

Four of the errors are of the same nature (federation):

[..]

1) [sm-xpsxps-03233] Required attribute CA.SM::SAMLv2IdP.Name is not set.

Object ID: CA.SM::SAMLv2IdP@21-b2312d0f-848b-4649-93ac-9a47b8274cc6

Object Name: FedName

Object Path: AuthScheme[FedName] / SAMLv2IdP[FedName]

Object Description:

Fix Information: Automatic fix currently not available.

[..]

 

Another error is:

5) [sm-xobsm-00480] Directory Server="E:\Program": Port "\Program" must be an integer in the range 1-65535.

Object ID: CA.SM::UserDirectory@0e-86efcd25-6991-498c-8691-52cd11684f35

Object Name: FedDir

Object Path: UserDirectory[FedDir]

Object Description:

Fix Information: Automatic fix currently not available. 

 

Environment:
Policy Server : R12.6, on Win2012 R2
Policy Store : CA Directory R12 SP18
AdminUI : R12.6, on Win2012 R2
Cause:

This issue is due to a small defect in the validation logic for userdirectory objects.

The logic that checks the contents of the server attribute doesn't take into account the differences between the AD:, LDAP:, Custom: and ODBC: namespaces.

The same server attribute is overloaded to hold IP addresses for LDAP: and AD:, DSN names for ODBC:, and filenames for Custom:.

Luckily, applying the same validation logic to all namespaces doesn't usually cause a validation failure.

However, when the validation logic sees a ":" in the server field, it expects a number to follow the ":".

In the case of this defect, the customer has provided a full Windows filespec for the userdirectory server attribute, including the drive letter followed by ":".

Resolution:

There is a workaround for this issue. The server field for the "FedDir" userdirectory object should be changed from "E:\Program Files (x86)\CA\siteminder\bin\smdirapi_all.dll" to "smdirapi_all.dll". 

The new string should pass validation and the DLL should be found during runtime if it is located in siteminder\bin.
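
The defect described under Cause, and why the workaround passes, as an added illustration in Python. This is not SiteMinder's own code: the function names are hypothetical, and the whitespace split is an assumption inferred from the report quoting Server="E:\Program" for a path that contains a space.

```python
# Added illustration; not SiteMinder source code. Function names are hypothetical.

def check_server_blind(server):
    """Namespace-blind check: treat every entry as host[:port]."""
    errors = []
    # Assumption: the field is split on whitespace before the port check,
    # which is why the report shows only the first token of the path.
    for entry in server.split():
        host, sep, port = entry.partition(":")
        valid = port.isascii() and port.isdigit() and 1 <= int(port) <= 65535
        if sep and not valid:
            errors.append(f'Directory Server="{entry}": Port "{port}" '
                          "must be an integer in the range 1-65535.")
    return errors


def check_server(namespace, server):
    """Namespace-aware check: only LDAP: and AD: carry host[:port]."""
    ns = namespace.rstrip(":").upper()
    if ns in ("LDAP", "AD"):
        return check_server_blind(server)
    if ns in ("ODBC", "CUSTOM"):
        # DSN name or library filename: a ':' here is not a port separator.
        return [] if server.strip() else ["Server value is empty."]
    return [f"Unknown namespace {namespace!r}."]


# Values taken from the Resolution section of this article.
FULL_PATH = r"E:\Program Files (x86)\CA\siteminder\bin\smdirapi_all.dll"
WORKAROUND = "smdirapi_all.dll"

if __name__ == "__main__":
    print(check_server_blind(FULL_PATH))       # reproduces sm-xobsm-00480 text
    print(check_server_blind(WORKAROUND))      # no ':' so nothing to reject
    print(check_server("Custom:", FULL_PATH))  # namespace-aware check accepts it
```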