Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10141: Fail to run session data integrity check for nix sessions generated before DB rotation

Auditing and Monitoring Service ,  

14 June,18 at 10:23 PM

Problem: Fail to run session data integrity check for *nix sessions generated before DB rotation

Procedures/Results:

1. In a new an installation, were the active Audit Store DB has the "Session integrity check" feature enabled, configure Audit Management Server and one Unix agent and verify they are working well.

2. Log into the  Unix agent with root as well as a normal AD user and  generate some "Completed" sessions, and generate some "In Progress" sessions.

3. Without restarting the  Audit Management Server, create a new active Audit Store DB and enable the "Session integrity check" feature.

4. Continue to run some commands in the terminal of the "In progress" sessions, then exit the session.

5. Restart Audit Management Server or wait about 15 minutes, then check session data integrity on any of the sessions.

User-added image

"It will pop up a dialog with the message "Session data integrity check failed because the computed signature does not match the signature in the database."

Cause: This issue is intermittent. When calculating the signature of a session (using thumbprint or thumbprints), the Audit Manager retrieves the sessions in bulk. The SELECT query that does this only orders the results by SessionId. In most cases, when the results are returned, they're sorted correctly but there's no guarantee that all records/rows returned for a session will be in a specific sorted order (e.g. by Id column). The order used to compute the signature may not match the order used to verify the signature thus resulting in a data integrity check failure.

Resolution: It is fixed on suite 2017.3.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part II articleKB-6041: How to show current license type in use by adclient articleKB-7441: List of error codes Adclient and DAD daemons generated for Solaris and Linux clients articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleCentrify 17.9 Release Notes