HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

131

132

133

134

135

136

137

138

139

140

openssl x509 -in rootcert.pem -text

HP-UX Will Not Start (ipsec_admin -start Fails)

Problem

HP-UX IPSec will not start.

Symptoms

The ipsec_admin -start command fails. The ipsec_admin utility returns one of the following

messages:

IPSEC_ADMIN: Failed to read IPsec admin file, error: %nn. Did you set

the password with -np?

IPSEC_ADMIN: Failed to open IPsec admin file, error: %nn. Did you set

the password with -np?

IPSEC_ADMIN: ERROR-read_admin_info(): Failed to verify ipsec password.

IPSEC_ADMIN: ERROR-reads a DB config which is invalid

IPSEC_ADMIN: ERROR-Configuration database open failed: reason

Solution

If ipsec_admin returns the message Failed to read IPsec admin file, error: %nn.

Did you set the password with -np? or the message Failed to open IPsec admin

file, error: %nn. Did you set the password with -np? and you have not yet set

the HP-UX IPSec password, set the password using the command ipsec_admin -newpasswd

or ipsec_admin -np.

If ipsec_admin returns the message read_admin_info(): Failed to verify ipsec

password, verify that the file /var/adm/ipsec/cainfo.txt exists.

If ipsec_admin returns the message reads a DB config which is invalid or

Configuration database open failed, see the following section, Corrupt or Missing

HP-UX IPSec Configuration Database, for more information.

Corrupt or Missing HP-UX IPSec Configuration Database

Problem

The HP-UX IPSec configuration database file (/var/adm/ipsec/config.db ) is corrupt or

missing.

Symptoms

The symptom vary according to when the problem is detected. HP-UX IPSec modules will log error

messages to the audit log file and user utilities will also display the error messages to stdout.

If ipsec_admin detects the problem (for example, when the user is executing the ipsec_admin

-start command), ipsec_admin logs and displays one of the following messages:

IPSEC_ADMIN: ERROR-reads a DB config which is invalid

IPSEC_ADMIN: ERROR-Configuration database open failed: reason

If ipsec_config detects the problem, ipsec_config logs and displays a message similar to

one of the following messages:

“Internal Database error. Please contact HP!”

“DB Exception: /var/adm/ipsec/config.db, line n, Func name”

“DB Exception: /var/adm/ipsec/config.db, line n, Info 0xhhh”

If the policy daemon detects that configuration database is corrupted, the policy daemon logs an

error message similar to the following:

136 Troubleshooting HP-UX IPSec