1 Reply Latest reply: Apr 9, 2013 4:45 AM by 986990 RSS

    Unable to re-start cryptosvc after a reboot of a server

    986990
      After a reboot the server

      Can't open boot_archive - "The file just loaded does not appear to be executable" from rootdisk and rootmirror!

      Booted into Failsafe (boot -F failsage at the ok prompt)

      mounted root filesystem on /a

      fsck -y /dev/dsk/c1t0d0s0

      umounted and mounted /dev/dsk/c1t1d0s0 on /a (for the rootmirror)

      fsck -y /dev/dsk/c1t1d0s0

      Rebooted and it panic'ed - repeated the above steps

      There as a boot.archive.new in /platform/sun4u

      Created new boot archive (bootadm update-archive -R /a)

      This allowed us to boot into SingleUser mode on rootdisk but:

      # svcs -xv
      svc:/system/cryptosvc:default (cryptographic services)
      State: maintenance since 9 April 2013 09:21:47 BST
      Reason: Start method failed repeatedly, last died on Killed (9).
      See: http://sun.com/msg/SMF-8000-KS
      See: man -M /usr/share/man -s 1M cryptoadm
      See: man -M /usr/share/man -s 1M kcfd
      See: /var/svc/log/system-cryptosvc:default.log
      Impact: 3 dependent services are not running:
      svc:/network/ipsec/ipsecalgs:default
      svc:/network/ipsec/policy:default
      svc:/network/ssh:default

      # svcadm clear /system/cryptosvc

      # svcadm enable /system/cryptosvc

      A 'svcs -xv' gave the same error

      A 'truss -o /tmp/truss.out -aef -wall -rall -vall svcadm enable /system/cryptosvc'

      Just showed "Killed" of the process.

      Ran:

      # cd /var/sadm/pkg

      # for i in `ls|grep SUNW`; do echo $i; pkgchk -a $i; done > /tmp/check.out 2>&1

      Revealed a missing file from SUNWcsl:

      SUNWcsl
      ERROR: /usr/lib/libike.so.1
      pathname does not exist

      On a sister server:

      # ls -al /usr/lib/libike.so.1
      -rwxr-xr-x 1 root bin 1801436 Jun 9 2009 /usr/lib/libike.so.1

      Put this onto a standard Windows formatted USB stick from a working server and inserted into failed server.

      Looking for devices...
      1. Logical Node: /dev/rdsk/c0t0d0s2
      Physical Node: /pci@1e,600000/ide@d/sd@0,0
      Connected Device: TEAC DV-28E-C 1.4B
      Device Type: DVD Reader
      2. Logical Node: /dev/rdsk/c3t0d0s2
      Physical Node: /pci@1e,600000/usb@a/storage@1/disk@0,0
      Connected Device: USB1105 Flash Disk 8.07
      Device Type: Removable

      # mount -F pcfs /dev/dsk/c3t0d0s0:c /mnt
      # cd /mnt

      # cp libike.so.1 /usr/lib
      # chown root:bin /usr/lib/libike.so.1
      # chmod 755 /usr/lib/libike.so.1

      Now:

      # svcs -xv
      svc:/system/cryptosvc:default (cryptographic services)
      State: maintenance since 9 April 2013 09:21:47 BST
      Reason: Start method failed repeatedly, last died on Killed (9).
      See: http://sun.com/msg/SMF-8000-KS
      See: man -M /usr/share/man -s 1M cryptoadm
      See: man -M /usr/share/man -s 1M kcfd
      See: /var/svc/log/system-cryptosvc:default.log
      Impact: 3 dependent services are not running:
      svc:/network/ipsec/ipsecalgs:default
      svc:/network/ipsec/policy:default
      svc:/network/ssh:default

      # svcadm clear /system/cryptosvc

      # svcadm enable /system/cryptosvc

      # svcs -xv

      And SSH now works!