UNIX agent mistakes the CGPR process as a UNIX agent process

  • 7012613
  • 17-Jun-2013
  • 17-Jun-2013

Environment

NetIQ Change Guardian 4.0

Situation

Definitions

 

“Common Agent†– The IQConnect agent associated with the UNIX agent.  In your ‘ps –ef | grep Vigil’ output, it looks like “VigilEntAgent -config vigilent -load va:VigilEntAdapter –dâ€

 

“CGPR process†– The IQConnect agent associated with the Change Guardian Policy Repository (CGPR).  The policy editor and agents connect to this when managing policies.  In your ‘ps –ef | grep Vigil’ output it looks like “./VigilEntAgent –deferlistenâ€

 

The Problem

 

When installed on the CGPR computer, the UNIX agent mistakes the CGPR process as a UNIX agent process, which results in the following problems:

 

·        When you install the UNIX agent, the common agent process does not automatically start.

·        When the computer tries to stop or restart the common agent, it inadvertently kills off the CGPR process. For example, when you change the UNIX agent configuration for Change Guardian or Secure Configuration Manager.

Resolution

The Workarounds

 

Temporary Fix:

 

If you start the processes in a specific order, both processes will work correctly until the next time the processes are stopped.  This fix is temporary and requires you to enter the correct configuration values during installation.

 

The steps for starting both processes are:

 

1.      Stop the Change Guardian server processes using the command:  /etc/init.d/sentinel stop

2.      Start the common agent process using the command: /etc/init.d/vigilentagent start

3.      Start the Change Guardian server processes using the command: /etc/init.d/sentinel start

 

At this point, both products now run at the same time and function normally.  This will only last until something triggers a restart of the common agent.  The rule here is: The common agent must start first.

 

Permanent Fix:

 
For a more permanent solution, navigate to the netiq/pssetup directory where the agent is installed and edit the “vigilentagent.rc†file.

 

Replace line 107 which reads:

 

               TEST=`ps -ef | grep VigilEntAgent | grep -v grep | grep -v VigilEntAgent_`

 

with:

 

               TEST=`ps -ef | grep VigilEntAgent | grep -v grep | grep -v VigilEntAgent_ | grep –v deferlisten`

 

Then replace the old version of the script in /etc/init.d with the one you just edited:

 

               # cp vigilentagent.rc /etc/init.d/vigilentagent