Symantec IGA

  • Private Community

  • 1.  CA IdentityManager-SynchronizeAttributes-Failed

    Posted May 26, 2015 11:55 AM

    Hi Team,

    After JDK is being upgraded from JDK 1.6.0_45 to JDK1.6.0_85 we are seeing below issue in VST.

    For any modifyuser event fails with below error message, though all modifications are being propogated to endpoints successfully.

    Any thoughts please share

    VST log:

    Synchronize user "LastN, FirstN (t0201fl)" attributes with accounts: Failed to

    execute SynchronizeAttributesWithAccountsEvent. ERROR MESSAGE: LDAP response

    read timed out, timeout used:-1ms.

    IMPS log:

    11:51:43,459 ERROR [ims.llsdk.directory.jndi] (Thread-32 (HornetQ-client-global-threads-1033917019)) Failed to modify managed object ObjectType::USER with unique name eTGlobalUserName=t0201fl,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta Error message: LDAP response read timed out, timeout used:-1ms.

    11:51:43,467 ERROR [im.provisioning] (Thread-32 (HornetQ-client-global-threads-1033917019)) LDAP response read timed out, timeout used:-1ms.

    11:51:43,472 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-32 (HornetQ-client-global-threads-1033917019)) Execution of event: SynchronizeAttributesWithAccountsEvent failed.  Exception encountered: LDAP response read timed out, timeout used:-1ms.

    11:51:43,473 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-32 (HornetQ-client-global-threads-1033917019)) Execution of event: SynchronizeAttributesWithAccountsEvent failed.  Exception encountered: LDAP response read timed out, timeout used:-1ms.

    11:51:43,473 ERROR [com.netegrity.ims.businessprocess.IMSEventController] (Thread-32 (HornetQ-client-global-threads-1033917019)) Error during event execution [90ebe392-0a788583-7e1b1979-5a0658db] SynchronizeAttributesWithAccountsEvent

    IM Startup log:

    10:46:53,884 ERROR [im.plugins.IMEnvironmentInitializerPlugin] (ServerService Thread Pool -- 68) Exception in configuring Auto Inbound: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'dc=im,dc=eta': com.ca.iam.model.IAMPersistenceException: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'dc=im,dc=eta'

            at com.ca.iam.model.impl.IAMServerImpl.namingExceptionToIAMException(IAMServerImpl.java:363) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMServerImpl.translateNamingException(IAMServerImpl.java:369) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.loadObjectProperties(IAMSessionImpl.java:1145) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.loadObjectProperties(IAMSessionImpl.java:1154) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.getObject(IAMSessionImpl.java:988) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.getDomain(IAMSessionImpl.java:1073) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.getRootDomain(IAMSessionImpl.java:1080) [jiam.jar:12.6.04.141230]

            at com.ca.identitymanager.plugins.IMEnvironmentInitializerPlugin.startEnvironment(IMEnvironmentInitializerPlugin.java:163) [identitymanager.jar:]

            at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.startEnvironmentInternal(IMSEnvironmentServiceImpl.java:445) [ims.jar:]

            at com.netegrity.ims.businessprocess.IMSEnvironmentServiceImpl.startEnvironment(IMSEnvironmentServiceImpl.java:336) [ims.jar:]

            at com.netegrity.ims.bootstrap.Main.start(Main.java:267) [ims.jar:]

            at com.netegrity.webapp.SystemInitializer.contextInitialized(SystemInitializer.java:44) [user_console.jar:]

            at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3339) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]

            at org.apache.catalina.core.StandardContext.start(StandardContext.java:3777) [jbossweb-7.2.0.Final-redhat-1.jar:7.2.0.Final-redhat-1]

            at org.jboss.as.web.deployment.WebDeploymentService.doStart(WebDeploymentService.java:156) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

            at org.jboss.as.web.deployment.WebDeploymentService.access$000(WebDeploymentService.java:60) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

            at org.jboss.as.web.deployment.WebDeploymentService$1.run(WebDeploymentService.java:93) [jboss-as-web-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_72]

            at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_72]

            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_72]

            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_72]

            at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_72]

            at org.jboss.threads.JBossThread.run(JBossThread.java:122)

    Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'dc=im,dc=eta'

            at com.sun.jndi.ldap.Connection.readReply(Connection.java:483) [rt.jar:1.7.0_72]

            at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639) [rt.jar:1.7.0_72]

            at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562) [rt.jar:1.7.0_72]

            at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) [rt.jar:1.7.0_72]

            at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847) [rt.jar:1.7.0_72]

            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772) [rt.jar:1.7.0_72]

            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) [rt.jar:1.7.0_72]

            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) [rt.jar:1.7.0_72]

            at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276) [rt.jar:1.7.0_72]

            at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source) [:1.7.0_72]

            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_72]

            at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_72]

            at com.ca.commons.jndi.beans.ResilientDirContextFactory.doInvoke(ResilientDirContextFactory.java:406) [cacommons.jar:12.6.04.141230]

            at com.ca.commons.jndi.beans.ResilientDirContextFactory.invoke(ResilientDirContextFactory.java:433) [cacommons.jar:12.6.04.141230]

            at com.sun.proxy.$Proxy35.search(Unknown Source)

            at com.ca.commons.jndi.beans.JNDIBeanStore$JNDIObjectProcessor.doSearch(JNDIBeanStore.java:1797) [cacommons.jar:12.6.04.141230]

            at com.ca.commons.jndi.beans.JNDIBeanStore.load(JNDIBeanStore.java:948) [cacommons.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMObjectImpl.load(IAMObjectImpl.java:959) [jiam.jar:12.6.04.141230]

            at com.ca.iam.model.impl.IAMSessionImpl.loadObjectProperties(IAMSessionImpl.java:1134) [jiam.jar:12.6.04.141230]

            ... 20 more



  • 2.  Re: CA IdentityManager-SynchronizeAttributes-Failed
    Best Answer

    Posted May 26, 2015 02:01 PM

    I have worked with other customers who had this problem when upgrading their JDK version. In that case, the customer moved from jdk1.7.0_51 to jdk1.7.0_72 and the error appeared.


    It appears that the latest working version of java and the ldap provider is jdk1.7.0_71. From the "bug fixes" in 1.7.0_72:

    http://www.oracle.com/technetwork/java/javase/2col/7u72-bugfixes-2298229.html. It appears that the bug fix actually causes this error.

     

    "com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request"

     

    Bug ID: JDK-8044482 com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request shows that this was backported to JDK1.6.0_85. Any JDK version before 1.6.0_85 will not display this error.

     

    W.
    William Lee



  • 3.  Re: CA IdentityManager-SynchronizeAttributes-Failed

    Posted May 26, 2015 03:10 PM

    Hi William,

    Thanks for your reply, in our environment we have seen this issue in both JDK1.7.0_72 & JDK1.6.0_85 as suggested I will try out JDK1.7.0_71.

     

    Regards,

    Satya



  • 4.  Re: CA IdentityManager-SynchronizeAttributes-Failed

    Posted Jun 24, 2015 08:25 AM

    Hi All,

     

    we have just figured out that the problem is also fixed with JDK 1.7.0_80.

     

    The problem for us was an error on Explore and Correlate from the IDM web console:

     

      Execute Explore and Correlate Definition "ModificheOrganizzative": Failed to execute ExploreAndCorrelateEvent. ERROR MESSAGE: Execution of ExploreAndCorrelateEvent failed

      LDAP response read timed out, timeout used:-1ms

     

    Regards,

    Massimo.