Error: Duplicate user name 'OU=Students,DC=cadets,DC=cbchs,DC=org'
Error: Failed to parse security policy
If I revert to 6.0.1 it commits with no issues.
I've tried removing OU=Students,DC=cadets,DC=cbchs,DC=org' from the group include list on the group mapping settings and am still not able to commit after upgrading.
Solved! Go to Solution.
Is this HA pair and is the commit failing only on passive device ?
If so, then please make sure root CA certificate is not missing on the passive device. If its missing, then manually reconfigure it and then sync the devices and commit again.
Hope this helps
I can see the whole group name as below from cli command output
Can you please try to delete the security rule in which this group name is being used and then commit. If commit is successful, then reconfigure the security rule again.
Hope this helps. If not then you might want to open a support case to further troubleshoot the issue live.
Thanks to you both, Mystique and Parmas,
I had 7 rules applying to just our student users, in each I had users listed: cadets\all students, ou=students,dc=cadets,dc=cbchs,dc=org, and cadets\allstudents.
I first tested the effectiveness of the applicable policies using only ou=students,dc=cadets,dc=cbchs,dc=org, the policies still applied so I attempted upgrading our passive pan with the security policies updated.
The upgrade failed.
So I then tested the effectiveness of the applicable policies using only cadets\allstudents, the policies still applied so I attempted upgrading our passive pan with the security policies updated.
The upgrade was at last successful.
My question is how did you both know to look at security policies and users being listed from the Duplicate user name error? Was vsys1 a clue for you?
Also when the upgrade was failing it was aborting on start up at "satd-config", "sslmgr-config-p1" etc. Why would security rules being ineffective cause start up processes to abort?
Thank you both again,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!