Error upgrading IG from 3.7.3 to 4.2


we have tried to upgrade IG to version 4.2 on Linux, but it seems to fail on loading OSP
We did first run the upgrade script to update related components, that worked well
After the we did upgrade OSP, allowed install to create the new config encrypt-keys keystore, after upgrade we tested to execute for osp, that worked well
Finally we did run the installer for IG, upgrading all components. Selected to use a excisting keystore for encrypting pointing to encrypt-keys.pkcs12 in /(tomcat/conf directory.
Restarted server, unable to login, OSP is not working and we are unable to execute with, since decryption fails (we are able to open keystore offline with same passphrase)
See this error in osp.log
"log Data: Configuration load failed. An empty configuration will be used.: internal.atlaslite.jcce.exception.CoreExceptionWithOutcome: Loading system configuration named 'current' failed. Reason: Loading bootstrap properties.
         =>internal.atlaslite.jcce.validation.ValidationException: java.lang.IllegalStateException: com.netiq.ism.obfuscate.NoSecretKeyException: Unable to decrypt data with any of the 1key(s)"
And this in catalina.<date>.log
[SEVERE] 2024-04-15 16:42:32.523 [org.apache.catalina.core.StandardContext] One or more listeners failed to start. Full details will be found in the appropriate container log file
[SEVERE] 2024-04-15 16:42:32.526 [org.apache.catalina.core.StandardContext] Context [/api] startup failed due to previous errors
[SEVERE] 2024-04-15 16:42:32.559 [com.netiq.iac.server.j2ee.ArcServerInitListener] [IG-SERVER] Invalid component key: [api_server]

We can roleback the upgrade, but still get error when trying to launch after roleback, might be related to the database is not rolled back



  • Hello,

    1) Did you utilize a GUI, Console, or Silent install?

    2) Are you installing Identity Governance on the same Tomcat server that OSP was installed on?

    3) Did you confirm there are no errors or warnings in the IG installation log file?

    Note: The error is on loading the main IG war, not OSP

    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • Hello Steven,

    Thanks a lot for your reply.

    1, GUI upgrade of both OSP and IG

    2, Yes

    3, Sorry, no. But did not. Was happy that installer claims it was a success.. can upgrade again tomorrow and see if we get any error messages in installer log

  • Now I have verified that it's only success in both IG and OSP install log files

  • We started up a week ago and upgraded our test IG, witch is more or less the same as our production server and that went fine, so we thought that  production would be easy.

    There are difference in the Identity_Governance_InstallLog.log when we compare them.

    In the working (test) environment we got this entry, but not i production

    #ConfigUpdate details


    Custom Action:            com.netiq.idmapps.ia.custom.IAVariableTrimmer
                                          Status: SUCCESSFUL

    In the not working (production) environment we got database install entry's that we don't have in test, even if we made the same choices to what I thought was to update the ms-sql database schemas.

    In working test IG we see this

    In not so working prod IG we see the oposit
    Execute Script/Batch file: Database Creation
    Status: SUCCESSFUL

    Modify Text File - Single File: New File /opt/netiq/idm/apps/idgov/logs/dbtool-create-log.txt
    Status: SUCCESSFUL
    In log file dbtool-create-log.txt I see that database already exist and install is skipping

  • Suggested Answer

    We managed to find out what went wrong, problem was related to new encrypt keystore, we got it wring the first time and did not restore databases from backup only IG snapshots. I suppose that the install/upgrade creates a key in database that has to match the encrypt keystore.

    So restoring database backup and create the keystore in OSP setup and use the same keystore in IG upgrade resolved the issue.