Symantec Access Management

  • 1.  How to remove redundant warning from smps log

    Posted Jan 24, 2017 03:07 PM

    Is there a way to remove this warning from our smps logs?

    [SmDsLdapConnMgr.cpp:788][WARNING][sm-Ldap-02910] SSLv3 client protocol is disabled. If connection fails configure LDAP server to support TLS protocols.

    I am trying to clean up our logs of errors and warnings that don't pertain to our environment and I would like to remove this error since it makes up half of the log. Any help would be appreciated. This if for a 12.52 sp2 cr1 Policy Server.



  • 2.  Re: How to remove redundant warning from smps log

    Broadcom Employee
    Posted Jan 24, 2017 05:05 PM

    I honestly do not recall SSO product has that kind of feature to filter the smps.log.

    There are log related properties files under /config, but extremely few had tried it, so no guaranteed result.

    If for analysis purpose, an alternative way is using Text pad to select and choose what you want,

    For raw smps.log data, I would think this is not possible, but will let others to comment if they know a way.

     

    Hongxu



  • 3.  Re: How to remove redundant warning from smps log
    Best Answer

    Posted Jan 24, 2017 09:31 PM

    Hi Brian,

     

    Looking at the source, I can confirm , there is NO option to disable policy server from logging these message into the smps.log unfortunately.

     

    Regards,

    Ujwol



  • 4.  Re: How to remove redundant warning from smps log

    Posted Jan 25, 2017 09:15 AM

    I guess a better question is this. Does the above warning message correspond to this error: [SmDsLdapConnMgr.cpp:1231][ERROR][sm-Ldap-02230] Error# '81' during search: 'error: Can't contact LDAP server' Search Query = 'objectclass=*'? We see the above arning every time we see that error, and therefore the error is caused by siteminder not realizing that the connection has been closed and having to wait to rebind the Policy Store to the LDAP (CA Directory)? I referenced this article for my line of thinking, CA SSO : Policy Server VS 3rd party components closing Idle Connection. I am looking for confirmation of my line of thinking before looking into steps to fix this issue. Thanks in advance.  



  • 5.  Re: How to remove redundant warning from smps log

    Posted Jan 26, 2017 07:28 PM

    The message "[sm-Ldap-02910] SSLv3 client protocol is disabled. If connection fails configure LDAP server to support TLS protocols." is just an informational message indicating that Policy server does NOT support ssvl3 connection to LDAP anymore. It supports only TLS.

     

    This message will be printed every time , it attempts to connect to the underlying LDAP.

    Also read this :

    Tech Tip - CA Single Sign-On:Policy Server:Policy server secure ldap connection failure 



  • 6.  Re: How to remove redundant warning from smps log

    Posted Jan 27, 2017 11:59 AM

    Ujwol,

     

    Thank you for the reply. Is there a way to remove that message then? I don't need to be told everytime a new connection is made that SSL v3 is disabled. This creates needless clutter in my logs. Any help would be appreciated. 



  • 7.  Re: How to remove redundant warning from smps log

    Posted Jan 28, 2017 07:36 AM
    Unfortunately there isn't a way.


    I would suggest opening an enhancement request.




  • 8.  Re: How to remove redundant warning from smps log

    Broadcom Employee
    Posted May 23, 2018 06:56 PM

    Enhancement request was opened for the same, this is currently under review:

     

    https://communities.ca.com/ideas/235736476-cleanup-log-message-sslv3-client-protocol-is-disabled