Symantec Access Management

  • 1.  Restarting CA Directorys in SSO environment

    Posted Mar 01, 2018 04:44 PM

    Hello,

    We use CA Directory with our SSO 12.52. We recently found 1 directory server which had the servers stopped. I rsynced the databases already. Should I worry about anything when starting this one back up? Is it best practice to shut them all down and start them back up together?

    What would happen in the case I didn't sync the databases? Would replication think the one just turned back on is missing info and sync them? Or would it just be a mess?

    Thanks



  • 2.  Re: Restarting CA Directorys in SSO environment

    Posted Mar 03, 2018 03:56 PM

    So you have multiple DSAs for high availability?

    I might be able to help if you provide more details about what you have done.

    How did you resync the database?

    Normally, when a DSA is down, you just need to start it and its peer will send all the updates that this DSA missed while it was down so that it is brought up to date.



  • 3.  Re: Restarting CA Directorys in SSO environment

    Posted Mar 06, 2018 12:17 PM

    Yes, we have multiple DSAs. I used Rsync to sync the databases. I did some research on CA Directory and found we can add the DSA-Flag below to make sure the DSA doesn't take traffic until up to date. I also found out that the other DSAs build a queue (that can max out and be removed) for offline DSAs until they come back. Thanks for the reply!

    no-service-while-recovering


  • 4.  Re: Restarting CA Directorys in SSO environment
    Best Answer

    Posted Mar 06, 2018 04:42 PM

    Yes, always set that flag for the DSA so that it won't accept client requests while recovering.

    A better recovery mechanism is to use the DISP recovery (set multi-write-disp-recovery = true;), so that we don't need to worry about maintaining a queue and the queue being lost.
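
A configuration check for the two settings recommended in this thread, as an added example that is not from the posters or from the product documentation. It assumes knowledge files use `set dsa "name" = { ... };` blocks with a single-line `dsa-flags` entry and `#` comments; the DSA names, hosts and ports in the sample are constructed.

```python
import re

# Constructed sample in the style of a DXserver knowledge file (assumed layout).
SAMPLE_KNOWLEDGE = '''
set dsa "sso-store-1" =
{
    prefix    = <o example>
    address   = tcp "host1" port 20389
    dsa-flags = multi-write, no-service-while-recovering
};
set dsa "sso-store-2" =
{
    prefix    = <o example>
    address   = tcp "host2" port 20389
    dsa-flags = multi-write
};
'''

# Constructed sample settings file.
SAMPLE_SETTINGS = '''
set multi-write-disp-recovery = true;
'''

DSA_BLOCK = re.compile(r'set\s+dsa\s+"?([^"\s=]+)"?\s*=\s*\{(.*?)\}\s*;', re.S)
FLAGS = re.compile(r'^\s*dsa-flags\s*=\s*(.+)$', re.M)
DISP = re.compile(r'^\s*set\s+multi-write-disp-recovery\s*=\s*(\w+)\s*;', re.M)

def strip_comments(text):
    """Drop '#' comments so a commented-out setting is not counted as active."""
    return re.sub(r'#.*', '', text)

def dsas_missing_recovery_flag(knowledge_text):
    """Names of multi-write DSAs that lack no-service-while-recovering."""
    missing = []
    for name, body in DSA_BLOCK.findall(strip_comments(knowledge_text)):
        m = FLAGS.search(body)
        flags = {f.strip() for f in m.group(1).split(',')} if m else set()
        if 'multi-write' in flags and 'no-service-while-recovering' not in flags:
            missing.append(name)
    return missing

def disp_recovery_enabled(settings_text):
    """True only if multi-write-disp-recovery is explicitly set to true."""
    m = DISP.search(strip_comments(settings_text))
    return bool(m) and m.group(1).lower() == 'true'

if __name__ == '__main__':
    print('DSAs missing the flag:', dsas_missing_recovery_flag(SAMPLE_KNOWLEDGE))
    print('DISP recovery enabled:', disp_recovery_enabled(SAMPLE_SETTINGS))
```

Running this against each host's configuration before restarting a stopped DSA shows which peers would start answering clients before they have caught up.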