Symantec Access Management

CA Single Sign-On: Policy Server's “ServerCommandTimeDelay” is now “MaxTimeDeltaBetweenServers” from R12.51 and Above 

Oct 21, 2014 03:22 PM

CA Single Sign-On Tuesday Tip by Vijay Masurkar, Principal Support Engineer, for October 21, 2014

 

 

We are aware of one inaccuracy between the functionality and product documentation, and wanted to share it with the Community.

 

There was a change in the code with a new registry key name discovered that didn’t reflect in the product documentation for Policy Server R12.51 and above. The change may impact your upgrade or new install operations. So, please note to take action, as necessary.

 

·      * When you perform an upgrade to CA SSO Policy Server R12.51 or above (from an earlier version), the registry key “ServerCommandTimeDelay”, if set in earlier releases,  will get changed to its new name “MaxTimeDeltaBetweenServers” with the same functionality as before. It is a DWORD as before with the definitiion: “the maximum time delta allowed between servers using the same policy store, in seconds”. Check to make sure you've the right value in it as before.

·     

If II * If you manually create and set the key “ServerCommandTimeDelay” in a newly installed R12.51 or above or after upgrading to R12.51 or above, it will silently get ignored.

 

If y * If you’re not using the key “ServerCommandTimeDelay”, this change doesn’t affect your upgrade to R12.51 and above.

 

We have filed a defect with the documentation team.  The references in R12.51 and above  documentation,  such as below in the Policy Server Administration Guide, will be  changed as soon as possible to reflect the (rename) change from  “ServerCommandTimeDelay” to “MaxTimeDeltaBetweenServers”. 

 

---------------------------------------------à>>>

 

Policy Servers Sharing Policy Store Not Updated Consistently

Symptom:

If multiple Policy Servers share a single policy store, the data inside the policy store could possibly be out of synchronization. Synchronization issues can occur under the following conditions:

  • The system times on the Policy Servers differ.
  • Network latency.

For example, suppose the system time on Policy Server A is 10:00, and the system time on Policy Server B is 10:05. Policy Server A sends its data to the policy store at 10:00. Policy Server B does not record any changes in the data timestamped before 10:05 because those events appear to have occurred earlier.

Solution:

To accommodate different system times or network latency issues:

Create the following DWORD registry setting:

 

       SiteMinder\CurrentVersion\ObjectStore

        Key: ServerCommandTimeDelay

 

Set the value of the key to the number of seconds that corresponds to the time difference. For example, for a five-minute time difference, set the value of the key to 300.

<ß------------------------------------------------------

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.