For a WLI database archive to be internally consistent, the archive must contain all files residing under /etc/wli. These files must not have any intervening updates.
The database is updated through the wliadm, wlicert, wlisys, and wlisyspolicy commands. The database can be restored from archive only with WLI security mode set as maintenance. The security mode is cached within kernel space, not read from the database. The security mode in effect can only be determined by:
%wlisyspolicy -g
To switch to maintenance mode:
%wlisyspolicy -s mode=maintenance -k <admin_key>
The command might return a message that a reboot is necessary. Following reboot, query once more with wlisyspolicy to verify maintenance mode is in effect.
To restore the WLI database from archive:
%su root
#rm -r /etc/wli
If deletion fails for any file, reboot the system with a kernel that does not contain WLI.
#tar -xf /tmp/wlikeydb.tar
Or use an equivalent archive restore operation.
If the WLI database has been severely damaged, switching to maintenance mode might not be possible. To maintain the highest possible security, the security mode defaults to restricted if the initialization value cannot be read from the WLI database.
If the system cannot be switched to maintenance mode using wlisyspolicy, a kernel must be booted that does not contain the WLI components.
To rebuild the kernel without wli:
#kcmodule wli=unused
#shutdown -r
Following reboot, all WLI file access policies and resource protections are disabled. After restoring the WLI database, the WLI kernel can be rebuilt and rebooted:
#kcmodule wli=static
#shutdown -r
40 Troubleshooting and known issues