Skip links

SIS Quick Note: Upgrading CA Access Gateway (CAG) 12.8.4 to 12.8.6

Overview

This week we wanted to provide a quick note regarding an issue encountered when upgrading CA Access Gateway (CAG) from 12.8.4 to 12.8.6 on Windows 2016. After we upgraded the customer’s server, the service failed to respond to requests although the service was running.

As a first check, we verified that we were using a supported version of AdoptOpenJDK for the new version of CAG. We also examined the CAG installation logs and there were no errors.

Troubleshooting

We attempted to uninstall CAG using the Windows control panel, but were blocked by the following message: Could not create the java virtual machine. We then tried to use the CAG uninstall executable, but it failed with the same message.

This server originally had CAG 12.8.0 installed with Oracle JDK 1.8.X, but it was later upgraded to 12.8.4. Broadcom switched from Oracle’s JDK to AdoptOpenJDK with SiteMinder 12.8.3, but the customer JVM wasn’t changed until the upgrade to 12.8.6.  We believe the failure to switch the JVM to AdoptOpenJDK prior to installation and configuration of 12.8.4 was the root cause of our issue.

As such, we had a non-working CAG installation that we cannot uninstall. What do we do?

Parallel Installation

We decided to do a parallel installation to avoid the JVM issue, but we had to do some cleanup before we could do that.

Windows Registry Cleanup

The Windows registry has references to the installations and the CAG deployment itself.

  1. Using regedit, backup the entire windows registry.
  2. Remove CAG from the installed application list by using the procedure outlined in How to manually remove programs from the add remove programs list. It is likely that you will have two CAG entries here; both should be removed.
  3. To ensure that the new installation does not collide with the previous one, delete the following installation references:
    1. HKEY_LOCAL_MACHINE–>SOFTWARE–>CA
    2. HKEY_LOCAL_MACHINE–>SOFTWARE–>ComputerAssociates

Windows Services Cleanup

Removing the registry entries will not remove CAG from the services control panel. You will need to follow the procedure outlined in sc.exe delete to remove the CAG related entries.

Note: we recommend rebooting Windows once this step is complete.

File System

Removing the registry entries will allow for a clean installation, but it will not remove the actual installation from the filesystem. Since we are not doing an in-place upgrade, we wanted to preserve the configuration files. We did not delete the old installation from the file system, so we renamed the installation directory to CA_OLD; this allowed us to copy the certificates, keys, and WebAgent.conf from the old installation to the new one. We don’t recommend copying the server.conf or httpd-ssl.conf files because several details in these files have changed slightly between the versions. Instead, we cut and paste the virtual server details from the originals and placed them in the new versions.

Post Installation

This is a new installation and as a result, you will have to run the configuration wizard to complete the setup. Remember to also enable SSL support (because it is not enabled by default after the installation) and configure any logging that was not enabled by default.

Wrap Up

If you have are interested in other posts about CAG, checkout our post about CA Access Gateway (CAG) on RHEL 8: 503 Error After Installation.

As always, we hope that you have found this information useful. If you need IAM assistance, reach out to SIS today and we would be happy to assist you. And subscribe to our newsletter to be notified about the posting of future articles and other SIS news.

JOIN OUR NEWSLETTER

If you want to know our recent offer please subscribe to our newsletter