IV58917: SIGNEDDATAVERIFICATIONFAILURE IN LDAP ENVIRONMENTS UPGRADED FROM 9.0 WITH DELETED DUPLICATE USERS

APAR status

• Closed as program error.

Error description

• Error occurred after upgrading IEM integrated with LDAP and with
  the db including deleted duplicate entries for the same user.
  As a result of the generated error the server is not able
  anymore to propagate sites.
  
  In the Server log file relay.log the following errors are
  logged:
  
  LDAPGroupMembershipRefresher (3520) -
  SignedDataVerificationFailure in data
  type 'USERINFO' object '14' attribute 'id'
  
  followed by:
  
  DatabasePropagator (3512) - SignedDataVerificationFailure in
  data type
  'USERINFO' object '14' attribute 'managementRightsSMIME'
  

Local fix

• If the customer is running a single Root Server environment, the
  following command has to be run to get the environment in a
  working state:
  
  BESAdmin.exe /resignSecurityData
  
  If the customer is running a DSA environment, the above command
  has to be run first on the primary server and then on the
  replica servers.
  In a DSA scenario it is suggested to turnoff the secondary
  server to prevent a replication.
  

Problem summary

• Fixed in IBM Endpoint Manager 9.1 (fixpack 5) and IBM Endpoint
  Manager 9.2 (fixpack 1)
  
  General availability Q4 2014 (release schedule subject to
  change).
  

Problem conclusion

• This is resolved in:
  IBM Endpoint Manager 9.1 (fixpack 5)
  IBM Endpoint Manager 9.2 (fixpack 1)
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  TIV EP MGR SERV

• Fixed component ID

  5725C43SV

Applicable component levels

• R91W PSY

     UP

• R92W PSY

     UP