Symantec Access Management

  • Private Community

  • 1.  Reinstall CA SPS - After Startssl, ~30 minute to work?

    Posted Mar 26, 2018 12:25 PM

    Hello,

    We are using CA 12.52 at the moment. We recently did some system updates and the SPS stopped functioning correctly. We are running on RHEL 6. The main update was a java version update. I've read where to make changes in config files, but decided to just re-install instead to make sure everything was updated. After the re-install and running ./sps-ctl startssl, the SPStrace log shows [Initialize][High Level Agent Initialized.] after about 1.5 minutes. We then try to use the SPS by going to a site which the SPS redirects to. We see the request in logs, everything looks normal, it even says redirecting to the site with a 302. The IWA server and policy server logs all show a normal request. However, the page just sits and does nothing at this point. After the SPS  is started for about~30 minutes it then starts to work like normal.

     

    I was wondering if the updates messed with it, so I spun up a new server with all the fresh updates and setup a SPS. The new servers works fine. Stopping the SPS and restarting, as soon as the HLA is initialized, the redirect works like it should.

     

    Has anyone else experienced this?

     

    On one of the servers that has this issue, i completed uninstalled and removed and agent + domain/realms from the policy servers. I re-installed fresh with no issues. When I started the SPS back up, same as above, ~30minutes until the SPS works.

     

    Thanks!



  • 2.  Re: Reinstall CA SPS - After Startssl, ~30 minute to work?
    Best Answer

    Broadcom Employee
    Posted Mar 27, 2018 12:26 PM

    Chad, Not sure why exactly 30 min delay; detailed (SPS) web agent trace sometimes helps to provide some possible clue/s. Secondly, have you checked the entropy on your Linux system to make sure it's sufficient?  If not, increase it anyway. It may or may may not have direct impact on the issue at hand, but worth trying. You said you upgraded Java. What Java version are you using now?

    - Regards. Vijay



  • 3.  Re: Reinstall CA SPS - After Startssl, ~30 minute to work?

    Posted Mar 27, 2018 12:34 PM

    Hi Vijay,

    I was working on this right as I saw your reply. The entropy was the issue. I increased the pool and it now starts just fine with no delay. It looks like when we restart the link that is setup prior to install is broken. Just running the below 2 commands worked. Now I just need to make the link persist through restart. We are using Oracle java 1.7.0 u171 I believe. 

     

    mv /dev/random /dev/random.org

    ln -s /dev/urandom /dev/random

     

    Thanks!