This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPS 5.11 add SPP 2.6.0 failed

Setting up SPS policies...

ERROR: <class 'scb.plugins.command.PluginVersionConstraintsNotMet'>: Plugin expected versions are not met

Press ENTER to exit

  • Hi,

    If you had previously installed plugins in SPS, could you verify if you have updated the plugins currently installed as well please? (plugins updates are released around the same time as SPS upgrades)  

    Here is a link for the available plugins release with SPS v5.11:

    https://support.oneidentity.com/one-identity-safeguard-for-privileged-sessions/5.11.0/download-new-releases

    Thanks!

  • Hello,

    SPS 5.10 join to SPP does not needed to install plugin.

    Does SPS 5.11 need?

    Thanks & Regards,

  • Hello,

    The join to SPP does not require a pre-installed plugin but if you had any plugins installed before the upgrade of SPS from 5.10 to 5.11 then I was suggesting that those existing plugins need to be updated as well. I suspect that a validation check was verifying if any plugins exist and are at an older version.

    Thanks!

  • Hello,

    My SPS 5.11 is new installed not upgraded from previous version.

    The problem cannot be happened on SPS 5.10.

    Below is the progress to join SPP:

    Initializing SPP Join (press Ctrl+C any time to abort)...
    IP address of SPP appliance: 10.10.10.105
    SPP username: admin
    SPP password:
    Description of this SPS: SPS(10.102.105.106)
    SPS username: admin
    SPS password:
    SPP Join to https://10.10.10.105:443 starting...
    The server at https://10.10.10.105/RSTS/oauth2/token presented the following
    certificate chain (the raw certificates in PEM format are available in the
    Core environment at /opt/scb/tmp/cert_ld30sdzq.tmp):
     
    ------------------------------------------------------------------------
    Issuer:              C=US/ST=UT/L=Lindon/O=Safeguard/OU=Safeguard/CN=SG-000C29709B49/emailAddress=None
    Subject:             C=US/ST=UT/L=Lindon/O=Safeguard/OU=Safeguard/CN=SG-000C29709B49/emailAddress=None
    Validity:            2018-12-27 00:00:00+00:00 - 2028-12-27 00:00:00+00:00
    SHA-1 fingerprint:   FD:65:5D:50:1D:15:43:A5:FC:F8:DF:DD:E7:25:5F:8F:D8:DA:A0:24
    SHA-256 fingerprint: 26:06:C6:45:EB:6E:7F:86:DD:E2:5E:A5:F4:BE:21:A0:20:DC:F9:75:1E:2A:B0:88:8A:03:5E:43:EB:AC:1F:56
    Extensions:
      keyUsage: Digital Signature, Key Encipherment, Key Agreement, Certificate Sign
      extendedKeyUsage: TLS Web Server Authentication
      basicConstraints: CA:TRUE, pathlen:0
      authorityKeyIdentifier: keyid:D1:5D:BC:08:86:87:50:3E:09:FD:B3:87:70:21:8A:0D:7F:A1:88:4D
      subjectKeyIdentifier: D1:5D:BC:08:86:87:50:3E:09:FD:B3:87:70:21:8A:0D:7F:A1:88:4D
      subjectAltName: DNS:SG-000C29709B49, IP Address:10.10.10.105, IP Address:192.168.1.105
    ------------------------------------------------------------------------
    Should https://10.10.10.105/RSTS/oauth2/token be trusted? (y/n) y
    Setting up SPS policies...
    ERROR: <class 'scb.plugins.command.PluginVersionConstraintsNotMet'>: Plugin expected versions are not met
    Press ENTER to exit

    Thanks & Regards.

  • Hello,

    Here is the syslogs from SPS 5.11

    It looks like the supported version is 5.1.0 to 5.10.0. and 5.11.0 is out of support.

    scb/extract-plugin[25900]: The entry point of plugin was not executable.
    scb/extract-plugin[25905]: The entry point of plugin was not executable.
    scb/extract-plugin[25905]: ERROR (root@localhost) The safeguard_credentialstore plugin does not support this SPS version, scb_version=5.11.0, min_version=5.1.0, max_version=5.10.0~;
    spp-join[25814]: TB-N3HFXVWFV6> Exception caught, stack dump follows;
    spp-join[25814]: TB-N3HFXVWFV6> Traceback (most recent call last):
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/scb/plugins/command.py", line 85, in _validate_versions
    spp-join[25814]: TB-N3HFXVWFV6>     (self._tool_path, "--check-versions", zip_file)
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/nnx/shellcommand.py", line 91, in process
    spp-join[25814]: TB-N3HFXVWFV6>     "Error running command", command_args, return_code, output
    spp-join[25814]: TB-N3HFXVWFV6> nnx.shellcommand.ShellCommandError: Error running command; args=('/opt/scb/bin/plugin-tool.php', '--check-versions', '/etc/nnx/psmsafeguard.zip'), return_code=1, output=The safeguard_credentialstore plugin does not support this SPS version, scb_version=5.11.0, min_version=5.1.0, max_version=5.10.0~;
    spp-join[25814]: TB-N3HFXVWFV6>
    spp-join[76]: Last message 'TB-N3HFXVWFV6> ' repeated 1 times, suppressed by syslog-ng on scb1
    spp-join[25814]: TB-N3HFXVWFV6> During handling of the above exception, another exception occurred:
    spp-join[25814]: TB-N3HFXVWFV6>
    spp-join[25814]: TB-N3HFXVWFV6> Traceback (most recent call last):
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/scb/spp_join/__init__.py", line 493, in run
    spp-join[25814]: TB-N3HFXVWFV6>     0, self._setup_plugin("/etc/nnx/psmsafeguard.zip")
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/scb/spp_join/__init__.py", line 616, in _setup_plugin
    spp-join[25814]: TB-N3HFXVWFV6>     plugin_entry = self._plugin_tool.get_plugin_entry(zip_file_path)
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/scb/plugins/command.py", line 69, in get_plugin_entry
    spp-join[25814]: TB-N3HFXVWFV6>     self._validate_versions(zip_file, plugin_entry)
    spp-join[25814]: TB-N3HFXVWFV6>   File "/usr/lib/python3/dist-packages/scb/plugins/command.py", line 92, in _validate_versions
    spp-join[25814]: TB-N3HFXVWFV6>     type=plugin_entry.plugin_type,
    spp-join[25814]: TB-N3HFXVWFV6> scb.plugins.command.PluginVersionConstraintsNotMet: Plugin expected versions are not met
    spp-join[25814]: Finishing; action='Joining to SPP'
  • Hello,

    Thanks for the update.

    This issue was confirmed as a defect in SPS v5.11 and will be addressed in a future release.

    If this is urgent, please open a service request and reference the information \ logs above for further assistance with this issue.

    Thanks!