BUG REPORT: Unable to change logging level for Symantec Encryption Management Server through web interface

Article:TECH206228  |  Created: 2013-05-15  |  Updated: 2013-08-13  |  Article URL http://www.symantec.com/docs/TECH206228
Article Type
Technical Solution


Issue



When after upgrade from PGP Universal Server 3.2.x to Symantec Encryption Management Server 3.3.0 you are following http://www.symantec.com/docs/TECH149337 to enable/disable debug logging you get following error in Administration log


Error



    Error writing debug.xml
EXCEPTION STACK TRACE:
java.io.FileNotFoundException: /etc/ovid/debug.xml (Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:212)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:104)
        at java.io.FileWriter.<init>(FileWriter.java:63)
        at com.pgp.omc.AdminEditDebugPrefsScreen.handleUpdate(AdminEditDebugPrefsScreen.java:107)
        at com.pgp.omc.AdminEditDebugPrefsScreen.doEvent(AdminEditDebugPrefsScreen.java:44)
        at com.pgp.omc.AdminControllerServlet.dispatchEvent(AdminControllerServlet.java:706)
        at com.pgp.omc.AdminControllerServlet.doPost(AdminControllerServlet.java:454)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at com.pgp.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:41)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.owasp.csrfguard.CSRFGuardFilter.doFilter(CSRFGuardFilter.java:73)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:722)


Environment



PGP Universal Server 3.2.x

Symantec Encryption Management Server 3.3.0


Cause



Migration script failed to set proper permissions for /etc/ovid/debug.xml file during upgrade.


Solution



Symantec Corporation is committed to product quality and satisfied customers. This issue is currently being considered by Symantec Corporation to be addressed in a forthcoming version or Maintenance Pack of the product.  Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.

The following is a known temporary workaround for the issue until the version/maintenance pack is released:

This issue can be temporarily resolved by changing file permissions for /etc/ovid/debug.xml file.

  1. Enable SSH access for your server following http://www.symantec.com/docs/TECH149673
  2. Using SSH session execute following commands:
    • chmod 664 /etc/ovid/debug.xml
    • ls -l /etc/ovid/debug.xml; stat -c %a /etc/ovid/debug.xml
  3. Verify file permission in the output of last command (664 corresponds to symbolic notation "-rw-rw-r--")
     

Proper output of the above command should be similar to following:

[root@keys ~]# ls -l /etc/ovid/debug.xml; stat -c %a /etc/ovid/debug.xml
-rw-rw-r-- 1 ovid ovid 4944 Jul  1 11:22 /etc/ovid/debug.xml
664
 

Please note:

Accessing the PGP Universal Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec  Support agreement unless the following procedures are followed.
Any changes made to the PGP Universal Server via the command line must be:

  • Authorized in writing by Symantec Support.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical  Support may also require reverting any custom configurations on the PGP Universal Server back to a default state when troubleshooting new issues.


Supplemental Materials

SourceETrack
Value3284970
Description

Editing debug.xml through web interface result in FileNotFoundException




Article URL http://www.symantec.com/docs/TECH206228


Terms of use for this information are found in Legal Notices