-
Title
Failed to export production copy with no error in () -
Description
The "pmpolicyplugin -g" is unable to export Sudo policy from the primary poilicy server and there is no error message.
sudo /opt/quest/sbin/pmpolicyplugin -g
** ERROR: Failed to export production copy () -
Cause
Usually when policy export fails, it gives a error which we can reply on to troubleshoot but in the case, it wasn't. There was no connection issue or any other environmental issue, even the pmpolicyplugin trace didn't see anything.
Also, it can be seen that there is handshake failure even when both policy and the plugin server have AES set as production, and restarting pmserviced will not have any impact.
Aug 18 13:01:32 5025 Incompatible encryption type-please check pm.settings on remote host: XX.XX.com
Aug 18 13:03:00 5033 Handshake failedIn this particular situation. It has been found in the secure/auth log that the pmpolicy user password has expired.
So the common symptom seen so far is that no error is reported in the "pmpolicyplugin -g" failure output brackets other than handshake/encryption failure, with no encryption mismatch
-
Resolution
Changing the pmpolicy password or setting the password not to expire will solve the issue, and the pmpolicyplugin will be able to export policy immediately without any pmserviced restart.