Cluster Configuration Wizard fails with "Veritas Product Authentication: Service configuration utility failed. Exit code 11" when trying to secure the cluster.
Article ID: 100028354
Updated On:
Description
Error Message
Cluster Configuration Wizard error:
Symantec Product Authentication: Service configuration utility failed. Exit code 11.
Vssconfig.log may report one of the following errors:
Location: C:\Program Files (x86)\Veritas\Security\Authentication\bin
---------------| Executing Configuration Action gen_keymaterial
Generating ab mode keys for the authentication broker
SnapShotDirectory=C:\Program Files (x86)\Common Files\VERITAS\Security\Authentication\Snapshot
ABAuthSource=C:\Program Files (x86)\Common Files\VERITAS\Security\Authentication\systemprofile\ABAuthSource
Child process execution failed with errorcode: [24587]
---------------| ERROR: Configuration Action gen_keymaterial failed.
Configuration at
Exception => "Configuration at
Configuration at
Invoking configuration at
Checking configuration status...
Configuration at
Exception => "Configuration at
Configuration at
VSSVCW Configuration *failed* on atleast one nodes.
See C:\Program Files (x86)\Common Files\VERITAS\Security\Authentication\bin\vssvcw_failednodes for list of nodes.
Finished configuration.
---------------| ERROR: Configuration Action vcw failed.
Cause
VxAT configuration is corrupted.
Resolution
Note: This procedure will not require a reboot as long as all Veritas and Veritas services are stopped first.
1. Set cluster as unsecure.
2. Note the following directories on each node.
a. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Veritas\Security\Authentication\InstallDir
b. HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\Security\Authentication\InstallDir
- These may be different across nodes.
3. Stop cluster services
- hastop -all -force (on one node)
- net stop llt /y (on all nodes)
4. Stop the following services on all cluster nodes:
- Veritas Private Branch Exchange
- Veritas Product Authentication service
- Veritas Action Agent
- Veritas Cluster Server Helper
- Veritas Command Server
- Veritas Enterprise Administrator Service
- Veritas GridNode
- Veritas Scheduler Service
- Veritas Storage Agent
- Veritas Storage Foundation Messaging Service
- Veritas Volume Replication services (all)
- Veritas VSS Provider
- Veritas VxBridge Service
- Virtual Disk
- Kill VXVDS.exe and vxvdsdyn.exe processes if they exist
5. Uninstall server and client MSI of VxAt on all nodes in the cluster
AT MSI location for clusters that have AT patch applied:
C:\Program files\Veritas\Veritas Shared\VPI\hotfix_AT_
AT MSI file location if no Hotfix folder is present in VPI:
32‐bit
C:\Program Files\Veritas\Veritas Shared\VPI\{F834E070-8D71-4c4b-B688-06964B88F3E8}\pkgs\32\common --> Veritas Authentication Service.msi
C:\Program Files\Veritas\Veritas Shared\VPI\{F834E070-8D71-4c4b-B688-06964B88F3E8}\pkgs\32\common --> Veritas Authentication Service Client.msi
64‐bit
C:\Program Files\Veritas\Veritas Shared\VPI\{F834E070-8D71-4c4b-B688-06964B88F3E8}\pkgs\64\common --> Veritas Authentication Service.msi
*** DO NOT USE THE CLIENT.MSI IN THIS LOCATION!!
C:\Program Files\Veritas\Veritas Shared\VPI\{F834E070-8D71-4c4b-B688-06964B88F3E8}\pkgs\64\w2k3\x64 --> Veritas Authentication Service Client.msi
6. Delete vrtsat service using ‘sc delete vrtsat’ (if the Veritas Product Authentication Service still exists) on all nodes
7. Empty or rename the directories noted in Step 2 on all the nodes in the cluster:
8. Install VxAt on all nodes
- Use the same MSIs as step 5
7. Start all the services stopped in step 2.
8. Run hastart -all from any node.
Run Cluster Configuration Wizard to resecure the cluster.
- Make sure to check both HAD Helper and SSO when configuring SSO per eTrack 2722228.
Applies To
Storage Foundation High Availablity for Windows 5.1 AP1
Storage Foundation High Availablity for Windows 5.1 SP1
Storage Foundation High Availablity for Windows 5.1 SP2
Issue/Introduction
