When trying to run Symantec Control Compliance Suite (CCS) for UNIX setfips.vbs an error is returned that certificates are not found and the script aborts. The command is run as <drive>:\<install path>\Symantec\RMS\Tools\cscript setfips.vbs and then returns the error. The customer already had FIPS-enabled in the CCS for UNIX product. However, the script was being run to troubleshoot errors registering a remote CCS for UNIX Agent. An error was then observed fro the VBS script and that setfips.vbs was no longer functional. The error message displayed does not describe which certificates are missing in order to restore these certificates and resolve the VBS script issue.
run c:\<install path>\Symantec\RMS\Tools>cscript setfips.vbs Enable FIPS mode
Do you want to continue? (Y)es/(N)o
User selected 'Yes'. Proceeding configure FIPS mode.
Error - Certificates for the following product(s) not found.
- bv-Control for UNIX
Any of the following four *.pem files are missing from the CCS for UNIX installation and will cause setfips.vbs to fail when executed:
1.) If open, close the CCS for UNIX Console. 2.) Re-run the current PCU that has been applied to the CCS for UNIX installation. (for this issue it was 2013-1 PCU). 3.) On the menu option, choose Repair/Reinstall. 4.) Wait for Repair/Reinstall to complete. Click Finish. 5.) Independently verify from Windows Explorer that the following *.pem files exist: "dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\cert.pem" "dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\key.pem" “dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\fips\bvcert.pem" “dn:\Program Files (x86)\Symantec\RMS\Control\UNIX\certs\bvcert.pem" 6.) Rerunning run c:\<install path>\Symantec\RMS\Tools>cscript setfips.vbs will then produce a successful FIPS enabled CCS for UNIX installation.
Microsoft Windows Server 2003 Symantec CCS for UNIX 10.5.1 10.5.1, 2013-1 PCU
Imported Document ID: TECH209956
Subscribing will provide email updates when this Article is updated. Login is required.