Symantec Access Management

Tech Tip : CA Single Sign-On : SM is unable to startup properly in R12.7. Giving errors

  • 1.  Tech Tip : CA Single Sign-On : SM is unable to startup properly in R12.7. Giving errors

    Broadcom Employee
    Posted Apr 25, 2019 03:42 AM

    Issue:

     

    When we start our Policy Server using the start-all command, the
    Policy Server log reports the error:

     

    smps.log

     

    [41699/140663148173088][Thu Mar 14 2019 16:07:13][SmLdapBulkSearch.cpp:749][InitReadsVLV][ERROR][sm-xpsxps-01080] Error occurred during "SearchExt" for "(&(xpsNumber=*)(!(xpsTombstone=*)))", text: Timed out

    and as such the Policy Server doesn't work. How can we fix this?

     

    Environment:

     

    Policy Server 12.7SP0CR0 on RedHat 6;
    Policy Store on Oracle Directory Server 11.1.1.7.0;

    Resolution:

     

    Upgrade the Oracle Directory Server to 11.1.1.7.1 or higher to fix
    index problems:

     

    5 Resolved Issues

     

    Table 2 Issues Resolved in Release 11g Release 1 (11.1.1.7.1)
    16737497 DSCONF REINDEX SUFFIX BREAKS ANCESTORID INDEX

    http://docs.oracle.com/cd/E29127_01/doc.111170/e58086/toc.htm

     

    Also referenced in:

     

    How to Tune Oracle Directory Server for Policy Store
    https://communities.ca.com/docs/DOC-231148987

     

    Then integrate the indexes into the Policy Store data, following
    the documentation:

     

    5. Edit the following ldif file:

    policy_server_home/xps/db/OracleDirectoryServerBrowse.ldif

     

    6. Confirm that the LDAP directory contains the following path
    before proceeding (replace the Root DN below with your own Root
    DN):

    ou=xps,ou=PolicySvr4,ou=siteminder,ou=netegrity<Root_DN>

    Edit the following LDIF file by putting the <root dn> value from
    the previous step into the two places where the file has the
    value of <root dn>:

    policy_server_home/xps/db/OracleDirectoryServerBrowser.ldif

     

    7. Run the following command:

     

    smldapsetup ldmod -fOracleDirectoryServerBrowse.ldif -v

    - Rebuild the indexes:

    Configure an Oracle Directory Server as a Policy Store

    dsconf reindex -h localhost -p port_number -e "ou=Netegrity,root_dn"
    dsadm reindex -bl -t "Sort xpsSortKey" Instance_Path policysvr4
    dsadm reindex -bl -t "Sort modifyTimestamp" Instance_Path policysvr4

    dsadm reindex -b -t xpsNumber -t xpsValue -t xpsSortKey -t xpsCategory -t xpsParameter -t xpsIndexedObject -t xpsTombstone instance_path policysvr4


    https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-an-oracle-directory-server-as-a-policy-store

     

    KB : KB000131317
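
As an added example (not part of the original post or of the product's tooling), the script below parses smps.log lines in the layout of the error quoted above, finds LDAP searches that timed out, and checks whether the attributes in the failing filter are among those named in the `dsadm reindex -b` command. The other log lines, their source file names and their message ids are constructed for the demonstration.

```python
import re

# Layout of the smps.log line quoted in the post:
# [pid/tid][timestamp][source:line][function][level][message-id] text
LINE_RE = re.compile(
    r'^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<time>[^\]]+)\]'
    r'\[(?P<source>[^\]:]+):(?P<line>\d+)\]\[(?P<func>[^\]]+)\]'
    r'\[(?P<level>[A-Z]+)\]\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$')
# Failing LDAP operation, its search filter and the directory's result text
SEARCH_RE = re.compile(
    r'Error occurred during "(?P<op>[^"]+)" for "(?P<filter>.*)", text: (?P<result>.+)$')
# Attributes named in the "dsadm reindex -b" command in the post
REINDEXED = {"xpsNumber", "xpsValue", "xpsSortKey", "xpsCategory",
             "xpsParameter", "xpsIndexedObject", "xpsTombstone"}

def filter_attributes(ldap_filter):
    """Attribute names an LDAP filter searches on."""
    return sorted(set(re.findall(r'\(([A-Za-z][\w-]*)[~<>]?=', ldap_filter)))

def find_search_timeouts(lines):
    """Return one dict per ERROR line whose LDAP search timed out."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue
        s = SEARCH_RE.search(m["text"])
        if not s or s["result"].strip().lower() != "timed out":
            continue
        attrs = filter_attributes(s["filter"])
        hits.append({"time": m["time"], "msgid": m["msgid"], "op": s["op"],
                     "filter": s["filter"], "attributes": attrs,
                     "not_in_reindex_list": [a for a in attrs if a not in REINDEXED]})
    return hits

SAMPLE_LOG = [
    # Constructed INFO line (hypothetical source file and message id)
    '[41699/140663148173088][Thu Mar 14 2019 16:07:10][Example.cpp:1][Init][INFO][sm-example-00000] Starting',
    # The line from the post, joined onto one line
    '[41699/140663148173088][Thu Mar 14 2019 16:07:13][SmLdapBulkSearch.cpp:749]'
    '[InitReadsVLV][ERROR][sm-xpsxps-01080] Error occurred during "SearchExt" for '
    '"(&(xpsNumber=*)(!(xpsTombstone=*)))", text: Timed out',
    # Constructed ERROR line that is not a search timeout
    '[41699/140663148173088][Thu Mar 14 2019 16:07:14][Example.cpp:2][Init][ERROR][sm-example-00001] Other failure',
]

if __name__ == "__main__":
    for hit in find_search_timeouts(SAMPLE_LOG):
        print(hit)
```

An empty `not_in_reindex_list` means every attribute in the timed-out filter is covered by the reindex command above.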