Layer7 Access Management

Error after upgrade: policy server taking 22 hour for startup

  • 1.  Error after upgrade: policy server taking 22 hour for startup

    Posted 10-05-2016 06:39 AM

    Policy server is taking 22 hours to come up.

    Please find the smps.log below:

     

    [28540/1][Sat Oct 01 2016 15:00:22][CServer.cpp:254][INFO][sm-Server-03580] ************************************************************
    [28540/1][Sat Oct 01 2016 15:00:22][CServer.cpp:254][INFO][sm-Server-03580] ***** SmTransact Version 12.52.0001.154 *****
    [28540/1][Sat Oct 01 2016 15:00:22][CServer.cpp:254][INFO][sm-Server-03580] ************************************************************
    [28540/1][Sat Oct 01 2016 15:00:22][CServer.cpp:4224][INFO][sm-Server-01840] Initializing smpolicysrv
    [28540/1][Sat Oct 01 2016 15:00:22][SmAuthDsCache.cpp:253][INFO][sm-Directory-00450] UserAz cache is enabled for all policy resolutions
    [28540/1][Sat Oct 01 2016 15:00:22][SmAuthDsCache.cpp:136][INFO][sm-Directory-00420] Initializing user directory cache
    [28540/1][Sat Oct 01 2016 15:00:22][SmObjProvider.cpp:243][INFO][sm-Server-02830] Initializing policy store provider 'LDAP:'
    [28540/1][Sat Oct 01 2016 15:00:22][SmObjProvider.cpp:282][INFO][sm-Server-02840] Loading of policy store provider extension DLL: 'smobjldapims' succeeded.
    [28540/1][Sat Oct 01 2016 15:00:22][SmLdapPs.cpp:209][INFO][sm-Ldap-02140] SSL client init will not be attempted - no certificate database defined
    [28540/1][Sat Oct 01 2016 15:00:23][smldaputils.cpp:529][INFO][sm-Ldap-00540] Opening policy store connection to LDAP server: ' IP:PORT'
    [28540/1][Sat Oct 01 2016 15:00:24][SmLdapBulkSearch.cpp:152][CreateRoot][INFO][sm-xpsxps-01160] LDAP Provider Info String = Oracle Internet Directory
    [28540/1][Sat Oct 01 2016 15:00:24][SmLdapBulkSearch.cpp:206][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: orclcompatibleversion = OID 11.1.1.6.0
    [28540/1][Sat Oct 01 2016 15:00:24][SmLdapBulkSearch.cpp:206][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: orcldirectoryversion = OID 11.1.1.5.0
    [28540/1][Sat Oct 01 2016 15:00:24][SmLdapBulkSearch.cpp:206][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: supportedldapversion = 2
    [28540/1][Sat Oct 01 2016 15:00:24][SmLdapBulkSearch.cpp:206][CreateRoot][INFO][sm-xpsxps-01120] LDAP Provider Version: supportedldapversion = 3
    [28540/1][Sat Oct 01 2016 15:00:24][SmObjCache.cpp:402][INFO][sm-Server-02800] Preloading policy store cache
    [28540/1][Sat Oct 01 2016 15:00:24][SmObjCache.cpp:415][INFO][sm-Server-02860] BulkFetch policy store
    [28540/1][Sat Oct 01 2016 15:00:24][SmObjCache.cpp:418][INFO][sm-Server-02810] Precaching system configuration objects
    [28540/1][Sat Oct 01 2016 15:04:10][SmObjCache.cpp:487][INFO][sm-Server-02820] Precaching each Policy Domain
    [28540/1][Sat Oct 01 2016 15:04:10][SmObjCache.cpp:491][INFO][sm-Server-02870] BulkRelease policy store
    [28540/1][Sat Oct 01 2016 15:04:10][PolicyCache.cpp:1294][INFO][sm-Server-02880] Building policy cache ...
    [28540/1][Sat Oct 01 2016 15:04:11][PolicyCache.cpp:1387][INFO][sm-Server-02890] Building policy cache done
    [28540/1][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:1403][INFO][sm-Server-00050] Object store initialized
    [28540/26][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:1025][INFO][sm-Server-00110] Starting object store journal thread
    [28540/27][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:850][INFO][sm-Server-00070] Object store journal thread started
    [28540/27][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:851][INFO][sm-Server-00080] Journal commands refresh interval is 60 second(s)
    [28540/27][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:852][INFO][sm-Server-00090] Server command synchronization delta is 51 second(s)
    [28540/27][Sat Oct 01 2016 15:04:11][SmObjStore.cpp:853][INFO][sm-Server-05250] Secondary cache failure timeout is 0 second(s)
    [28540/1][Sat Oct 01 2016 15:04:11][Database.cpp:689][InitDB][INFO][sm-xpsxps-00120] Initializing XPS Version 12.52.0001.154
    [28540/1][Sat Oct 01 2016 15:04:12][XPSLDAP.cpp:791][CreateRoot][INFO][sm-xpsxps-01160] LDAP Provider Info String = Oracle Internet Directory
    [28540/1][Sat Oct 01 2016 15:04:12][XPSIO.cpp:451][InitialLoad][INFO][sm-xpsxps-00560] Database Transactions are 0.
    [28540/1][Sat Oct 01 2016 15:04:17][XPSIO.cpp:478][InitialLoad][INFO][sm-xpsxps-00300] 2 Parameter(s) loaded from Policy Store, 2 total.
    [28540/1][Sat Oct 01 2016 15:04:17][XPSIO.cpp:483][InitialLoad][INFO][sm-xpsxps-00330] Caching Policy Data...
    [28540/27][Sat Oct 01 2016 16:03:21][SmObjStore.cpp:343][INFO][sm-Server-03330] Key Update Management is not enabled
    [28540/27][Sat Oct 01 2016 16:03:21][SmObjStore.cpp:382][INFO][sm-Server-04720] Key distribution has been initiated by Policy Server
    [28540/27][Sat Oct 01 2016 16:03:21][PolicyCache.cpp:1294][INFO][sm-Server-02880] Building policy cache ...
    [28540/27][Sat Oct 01 2016 16:03:21][PolicyCache.cpp:1387][INFO][sm-Server-02890] Building policy cache done
    [28540/1][Sun Oct 02 2016 12:19:30][XPSIO.cpp:502][InitialLoad][INFO][sm-xpsxps-00310] 37488 object(s) loaded from the Policy Store.
    [28540/1][Sun Oct 02 2016 12:19:30][XPSIO.cpp:566][SetPolicyStoreID][INFO][sm-xpsxps-00430] Policy Store ID is "9e8b0883-0681-1010-b347-84f8add80000".
    [28540/1][Sun Oct 02 2016 12:19:30][XPSAudit.cpp:719][GetAudit][INFO][sm-xpsxps-06870] XPS Auditing is enabled.
    [28540/1][Sun Oct 02 2016 12:19:30][Database.cpp:752][InitDB][INFO][sm-xpsxps-03460] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
    [28540/1][Sun Oct 02 2016 12:19:58][XPSIO.cpp:2051][MergeSmAndXPS][INFO][sm-xpsxps-00150] XPS Initialized. (34182, 0, 0)
    [28540/1][Sun Oct 02 2016 12:19:58][XPS.cpp:901][Init][INFO][sm-xpsxps-00150] XPS Initialized.
    [28540/1][Sun Oct 02 2016 12:19:58][NIDMgtCleanupRoutine.cpp:74][start][INFO][sm-xobfed-02966] NameID management cleanup thread started.
    [28540/33][Sun Oct 02 2016 12:19:58][NIDMgtCleanupRoutine.cpp:129][waitForXPS][INFO][sm-xobfed-02969] NameID management cleanup thread running.
    [28540/1][Sun Oct 02 2016 12:19:58][FedInterface.cpp:692][PostInitialize][INFO][sm-xobfed-02577] Successfully loaded smobjadapter.
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:655][INFO][sm-Server-05320] XPS Initialization complete
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:704][INFO][sm-Server-00770] Global Preferences: NestedSecurity=0
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:712][INFO][sm-Server-00790] Nested Security:off
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:743][INFO][sm-Server-00800] This policy server generates agent keys
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:905][INFO][sm-Server-00830] This policy server is allowed to roll over trusted host shared secrets
    [28540/1][Sun Oct 02 2016 12:19:58][DoManagement.cpp:1001][INFO][sm-Server-03670] Starting agent command management watchdog thread
    [28540/34][Sun Oct 02 2016 12:19:58][DoManagement.cpp:974][INFO][sm-Server-03660] Starting agent command management thread
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:2162][INFO][sm-Server-03690] Starting key management watchdog thread
    [28540/1][Sun Oct 02 2016 12:19:58][SmPolicyServer.cpp:1741][INFO][sm-Server-03680] Starting journal management watchdog thread
    [28540/35][Sun Oct 02 2016 12:19:58][DoManagement.cpp:851][INFO][sm-Server-00340] Agent Command Management thread started
    [28540/1][Sun Oct 02 2016 12:19:58][SmSessionServer.cpp:297][INFO][sm-Server-06004] Session Services is disable
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:4245][INFO][sm-Server-01850] Initialized smpolicysrv
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:6387][INFO][sm-Server-03480] Initializing TLI
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:7976][INFO][sm-Server-02410] Initializing UDP
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:6450][INFO][sm-Server-03490] Starting TLI
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:6464][INFO][sm-Server-03500] Admin UDP port is up
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:8196][INFO][sm-Server-02420] TCP is up on 6 interfaces listening for incoming connections
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:4280][INFO][sm-Server-01860] Initialization done
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:4309][INFO][sm-Server-01870] Signal handler for SIGTERM and SIGINT is installed, thread id = 1
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:7652][INFO][sm-Server-04210] Clearing the server suspend state for reason 4. The server will resume serving requests.
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:3924][INFO][sm-Server-04230] The suspend timeout is 3600 seconds.
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:5582][INFO][sm-Server-02080] SiteMinder Policy Server is ready on localhost
    [28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:5589][INFO][sm-Server-02090] Waiting for messages on thread id 1
    [28540/36][Sun Oct 02 2016 12:20:01][SmPolicyServer.cpp:2133][INFO][sm-Server-00910] Starting key management thread
    [28540/40][Sun Oct 02 2016 12:20:01][SmPolicyServer.cpp:1766][INFO][sm-Server-00900] Key management thread started.
    [28540/37][Sun Oct 02 2016 12:20:13][SmPolicyServer.cpp:1713][INFO][sm-Server-00880] Starting journal management thread
    [28540/41][Sun Oct 02 2016 12:20:13][SmPolicyServer.cpp:1662][INFO][sm-Server-00870] Journaling thread started, will delete commands older than 60 minutes
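
As an added example (not part of the thread and not CA or Oracle code), the Python below parses smps.log lines in the format posted above and ranks the time gaps between consecutive lines of the same thread, which is how the stall between "Caching Policy Data..." and "object(s) loaded from the Policy Store" stands out. The function names are hypothetical; the sample lines are excerpted from the log in the first post.

```python
import re
from datetime import datetime

# Excerpt of the 12.52 smps.log quoted in the first post of this thread.
SAMPLE_LOG = """\
[28540/1][Sat Oct 01 2016 15:00:24][SmObjCache.cpp:418][INFO][sm-Server-02810] Precaching system configuration objects
[28540/1][Sat Oct 01 2016 15:04:10][SmObjCache.cpp:487][INFO][sm-Server-02820] Precaching each Policy Domain
[28540/1][Sat Oct 01 2016 15:04:17][XPSIO.cpp:483][InitialLoad][INFO][sm-xpsxps-00330] Caching Policy Data...
[28540/27][Sat Oct 01 2016 16:03:21][SmObjStore.cpp:343][INFO][sm-Server-03330] Key Update Management is not enabled
[28540/1][Sun Oct 02 2016 12:19:30][XPSIO.cpp:502][InitialLoad][INFO][sm-xpsxps-00310] 37488 object(s) loaded from the Policy Store.
[28540/1][Sun Oct 02 2016 12:19:58][CServer.cpp:5582][INFO][sm-Server-02080] SiteMinder Policy Server is ready on localhost
"""

# [pid/tid][timestamp] followed by further bracketed fields and the message.
# The leading "[" is optional because pasted logs sometimes lose it.
LINE_RE = re.compile(r"^\s*\[?(\d+)/(\d+)\]\[([^\]]+)\](.*)$")
# Source file, function, level and message id are all bracketed prefixes.
PREFIX_RE = re.compile(r"^(?:\[[^\]]*\])+\s*")


def parse_line(line):
    """Return ((pid, tid), datetime, message) or None for a non-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid, tid, stamp, rest = m.groups()
    try:
        when = datetime.strptime(stamp, "%a %b %d %Y %H:%M:%S")
    except ValueError:
        return None
    return (pid, tid), when, PREFIX_RE.sub("", rest)


def startup_gaps(log_text, top=3):
    """Rank gaps between consecutive lines written by the same thread.

    Gaps are measured per thread because other threads (the journal
    thread here) keep logging while the main thread is blocked.
    Returns up to `top` tuples: (seconds, thread, message_before, message_after).
    """
    last_seen = {}
    gaps = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        thread, when, message = parsed
        if thread in last_seen:
            prev_when, prev_message = last_seen[thread]
            seconds = int((when - prev_when).total_seconds())
            gaps.append((seconds, thread, prev_message, message))
        last_seen[thread] = (when, message)
    gaps.sort(key=lambda g: g[0], reverse=True)
    return gaps[:top]


if __name__ == "__main__":
    for seconds, thread, before, after in startup_gaps(SAMPLE_LOG):
        hours, rem = divmod(seconds, 3600)
        print(f"{hours:02d}h{rem // 60:02d}m{rem % 60:02d}s "
              f"thread {thread[0]}/{thread[1]}: {before!r} -> {after!r}")
```

Running the same function over the 12.0 log and the 12.52 log gives a like-for-like view of which startup phase grew after the upgrade.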



  • 2.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-05-2016 06:44 AM

    Hi Sree,


    Please try some tuning as per this guide:


    https://communities.ca.com/docs/DOC-231148987


    Regards,

    Ujwol



  • 3.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-05-2016 08:08 AM

    Hi Sree,

     

    I suggest hashing the sensitive information (i.e., IP address), as this is a public forum.

    What is the policy server version that you upgraded to?

    What is the policy server version prior to the upgrade? Were you having the issue prior to the policy server upgrade?

    The policy store seems to be Oracle directory server version 11 (OID 11.1.1.5.0). Correct me if that's incorrect.

     

    Regards,

    Kar Meng



  • 4.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-05-2016 08:12 AM

    I missed the policy server version in the log. The current policy server version is 12.52.0001.154.



  • 5.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-06-2016 03:29 AM

    Hi Karmeng,

     

    I will take care of this in the future.

     

    What is the policy server version prior to the upgrade? Were you having the issue prior to the policy server upgrade?

    The previous version was 12.00. Yes, after the upgrade we are facing this issue.

     

    Regards,

    Sree



  • 6.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-06-2016 04:28 AM

    Hi,

    If you're running the Policy Server on Linux, make sure:

     

    /dev/random is symlinked to /dev/urandom.
    the user which runs the Policy Server is allowed enough open files (ulimit -n);
    256 will just not be enough.

     

    Best Regards,
    Patrick



  • 7.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-06-2016 07:31 AM

    Hi All,

     

    We are trying to upgrade the version from r12.0 to r12.52. Our operating system is Solaris 10 and the LDAP is OID 11.1.1.6.

     

    Hi Ujwol,

    We have gone through the document; unfortunately we do not have the dsadm utility since we are using OID 11.1.1.6.

    Instead, we have the catalog utility.

    https://communities.ca.com/docs/DOC-231148987

    Could you please help us do the re-indexing with the help of the catalog command?

     

    Regards

    S PV 



  • 8.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-06-2016 06:32 PM

    Hi Sree,

     

    It looks like a performance issue on the OID that might need some tuning.

     

    In order to confirm the hypothesis, can you check from the OID logs' perspective whether the operation response time took a long time to complete?

    I found the following link

    http://docs.oracle.com/cd/E25054_01/oid.1111/e10029/conf_monitoring.htm

     

    that has the portion "24.3.2 Viewing Information on the Oracle Internet Directory Performance Page". It might give you a summary of how the OID performs.

    If the OID logs confirm that the search by the client (policy server) took time due to unindexing, I suggest opening a CA Support ticket to investigate, as this might need engineering team assistance to tune the instance.

     

    Regards,

    Kar Meng



  • 9.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-13-2016 05:20 AM

    Thank you all for the updates ...,

     

    We have raised a case with CA and Oracle as well for the same. We are going through the troubleshooting phases with the help of the respective engineers. I have a few more queries regarding the below-mentioned parameters. Could you please help me understand whether these parameters will affect the system slowness and, if yes, how I need to configure these parameters in my env?

     

    Maximum - Threads 
    User Az Cache Size 
    Max Connections 
    Idle Timeout(Minutes)MB 

     

     

    In my env it is configured as

     

    Maximum - Threads - 8
    User Az Cache Size - 10MB
    Max Connections - 2048
    Idle Timeout(Minutes) -5

     

     

    Regards,

    Sreenath P V 



  • 10.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-13-2016 07:47 AM

    Hi Sree,


    You are likely to get more response if you have one thread per individual question.


    This will also help in the navigation and searching threads in the future.


    So, I will suggest to open a new thread for those configuration related questions.


    Regards,

    Ujwol



  • 11.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-13-2016 08:13 PM

    Hi Sree,

     

    Most probably this is related to policy store indexing, which causes the policy server startup to be slow. Oracle might be able to help narrow down the scope of which objects are causing the issue and whether they are indexed properly. Once we have that information, we can look into how indexing can help.

     

    Regards,

    Kar Meng



  • 12.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-14-2016 06:31 AM

    Hi Kar Meng,

     

    Thanks for the update. We have highlighted the same to the Oracle engineer.

    Could you please help me with the below details as well?

    1) During SiteMinder startup, which tables does SiteMinder refer to?

    2) While running any XPS commands, which tables does SiteMinder refer to?

     

    We are facing some issues while running any XPS commands as well.

     

    Regards,

    Sreenath P V 



  • 13.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-14-2016 07:50 AM

    Hi All,

    Please find the update from the Oracle team

     

     

    Hi Sreenath,

     

    I have checked the OID logs and also the attributes list and they are properly indexed.
    Please update the SiteMinder team to check the condition <<'*' modifytimestamp createtimestamp>> because this is an incorrect command from a performance point of view. All that info is transferred over the network, and this takes time for the quantity of info you are requesting.
    What I can suggest is to try <<modifytimestamp createtimestamp>> or <<'*'>>, and this depends on what kind of attributes you want to have: all of the attributes or only those 2 of them.

     

    Best Regards,

     

    regards,

     

    Sreenath P V 



  • 14.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-14-2016 09:18 AM

    LDAP Provider Info String = Oracle Internet Directory
    LDAP Provider Version: orclcompatibleversion = OID 11.1.1.6.0

     

    Not the same as ODS (Oracle Directory Server) - do not use the OracleDirectoryServerBrowse.ldif
    OID Directory uses the OID_10g.ldif for XPS

     

    Since you have Oracle involved, I suggest working the slowness through the support issue - it is related to the setup of the store and indexing, which will require log analysis and config review



  • 15.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-18-2016 12:29 PM

    Hi All,

    As per the Oracle doc, our indexing is proper. Could you please provide any kind of evidence to prove that the issue is related to OID INDEXING?

    Could you please provide your views related to my last post as well 

    How To Check For Missing Indexes in OID Database (Doc ID 969583.1)

    Please find the below table details for related to indexing.

     

    SQL> SELECT index_name,index_type,uniqueness from dba_indexes where table_name='CT_ORCLGUID' or table_name='CT_DN';

    INDEX_NAME                     INDEX_TYPE                  UNIQUENES
    ------------------------------ --------------------------- ---------
    PN_DN                          NORMAL                      NONUNIQUE
    RP_DN                          NORMAL                      UNIQUE
    EP_DN                          NORMAL                      UNIQUE
    ST_ORCLGUID                    NORMAL                      UNIQUE
    VA_ORCLGUID                    NORMAL                      NONUNIQUE
    UV_ORCLGUID                    NORMAL                      UNIQUE

     

    Regards,

    Sreenath P V 

     

     



  • 16.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-18-2016 11:50 PM

    Hi Sree,

     

    Thanks for your update. I think the point is not to request Oracle to check whether indexing is proper or not. The intention of engaging Oracle is to request the team to check, when the policy server starts up and retrieves objects from OID, how long OID took to respond to the policy server requests.

    A startup that takes 22 hours is abnormal. What the policy server does during startup is retrieve objects from the policy store. Therefore, the primary suspicion is that the policy store responds slowly to policy server requests, which causes the problem.

    I know Oracle directory server has etime in the access log that can be checked, but I am not sure about OID.

     

    Indexing is not a root cause of the problem but a suggestion if we confirm the slowness is on the policy store side. This needs a check of the OID logs to confirm.

     

    Regards,

    Kar Meng



  • 17.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-19-2016 07:07 AM

    Hi Kar Meng,

     

    Thank you very much for this update. Of course, we are checking the points with the Oracle team.

    Please find the logs from our two different envs.

     

    ENV 1 - Siteminder 12.0 

    2770/1][Fri Oct 14 2016 08:47:27][SmObjCache.cpp:254][INFO] Precaching system configuration objects
    [2770/2][Fri Oct 14 2016 08:59:57][CServer.cpp:5018][INFO] Tracing will be optimized by buffering
    [2770/1][Fri Oct 14 2016 09:21:51][SmObjCache.cpp:466][INFO] Precaching each Policy Domain
    [2770/1][Fri Oct 14 2016 09:29:26][PolicyCache.cpp:1211][INFO] Building policy cache ...
    [2770/1][Fri Oct 14 2016 09:29:26][PolicyCache.cpp:1304][INFO] Building policy cache done
    [2770/1][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:1319][INFO] BulkRelease policy store
    [2770/19][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:978][INFO] Starting object store journal thread
    [2770/1][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:1357][INFO] Object store initialized
    [2770/20][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:470][INFO] Object store journal thread started
    [2770/20][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:471][INFO] Journal commands refresh interval is 60 second(s)
    [2770/20][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:472][INFO] Server command synchronization delta is 0 second(s)
    [2770/20][Fri Oct 14 2016 09:29:26][SmObjStore.cpp:473][INFO] Secondary cache failure timeout is 0 second(s)
    [2770/21][Fri Oct 14 2016 09:29:26][CA.XPS:INIT0015][INFO] Initializing XPS Version 12.0.0311.824
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:LDAP0023][INFO] LDAP Provider Info String = Oracle Internet Directory
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:LDAP0018][INFO] LDAP Provider Version: orclcompatibleversion = OID 11.1.1.6.0
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:LDAP0018][INFO] LDAP Provider Version: orcldirectoryversion = OID 11.1.1.5.0
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedldapversion = 2
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:LDAP0018][INFO] LDAP Provider Version: supportedldapversion = 3
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:XPSIO039][INFO] Database Transactions are OFF.
    [2770/21][Fri Oct 14 2016 09:29:27][CA.XPS:XPSIO007][INFO] 2 Parameter(s) loaded from Policy Store, 2 total.
    [2770/21][Fri Oct 14 2016 09:33:31][CA.XPS:XPSIO008][INFO] 32543 object(s) loaded from the Policy Store.
    [2770/21][Fri Oct 14 2016 09:33:31][CA.XPS:XPSIO026][INFO] Policy Store ID is "15cc94c6-a442-102c-82fc-84fac0d70000".
    [2770/21][Fri Oct 14 2016 09:33:31][CA.XPS:AUDIT012][INFO] XPS Auditing is enabled.
    [2770/21][Fri Oct 14 2016 09:33:31][CA.XPS:EDIT0056][INFO] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
    [2770/1][Fri Oct 14 2016 09:33:31][SmPolicyServer.cpp:546][INFO] XPS Initialization complete
    [2770/1][Fri Oct 14 2016 09:33:31][SmPolicyServer.cpp:573][INFO] Global Preferences: siteminder.viewObjects=962,
    [2770/1][Fri Oct 14 2016 09:33:31][SmPolicyServer.cpp:585][INFO] Nested Security:on


     ENV-2  Siteminder -12.52

    19343/1][Wed Oct 12 2016 15:10:18][SmObjCache.cpp:418][INFO][sm-Server-02810] Precaching system configuration objects
    [19343/1][Wed Oct 12 2016 15:11:51][SmObjCache.cpp:487][INFO][sm-Server-02820] Precaching each Policy Domain
    [19343/1][Wed Oct 12 2016 15:11:54][SmObjCache.cpp:491][INFO][sm-Server-02870] BulkRelease policy store
    [19343/1][Wed Oct 12 2016 15:11:54][PolicyCache.cpp:1294][INFO][sm-Server-02880] Building policy cache ...
    [19343/1][Wed Oct 12 2016 15:11:55][PolicyCache.cpp:1387][INFO][sm-Server-02890] Building policy cache done
    [19343/1][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:1403][INFO][sm-Server-00050] Object store initialized
    [19343/25][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:1025][INFO][sm-Server-00110] Starting object store journal thread
    [19343/26][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:850][INFO][sm-Server-00070] Object store journal thread started
    [19343/26][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:851][INFO][sm-Server-00080] Journal commands refresh interval is 60 second(s)
    [19343/26][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:852][INFO][sm-Server-00090] Server command synchronization delta is 51 second(s)
    [19343/26][Wed Oct 12 2016 15:11:55][SmObjStore.cpp:853][INFO][sm-Server-05250] Secondary cache failure timeout is 0 second(s)
    [19343/1][Wed Oct 12 2016 15:11:55][Database.cpp:689][InitDB][INFO][sm-xpsxps-00120] Initializing XPS Version 12.52.0001.154
    [19343/1][Wed Oct 12 2016 15:11:56][XPSLDAP.cpp:791][CreateRoot][INFO][sm-xpsxps-01160] LDAP Provider Info String = Oracle Internet Directory
    [19343/1][Wed Oct 12 2016 15:11:56][XPSIO.cpp:451][InitialLoad][INFO][sm-xpsxps-00560] Database Transactions are 0.
    [19343/1][Wed Oct 12 2016 15:12:01][XPSIO.cpp:478][InitialLoad][INFO][sm-xpsxps-00300] 2 Parameter(s) loaded from Policy Store, 2 total.
    [19343/1][Wed Oct 12 2016 15:12:01][XPSIO.cpp:483][InitialLoad][INFO][sm-xpsxps-00330] Caching Policy Data...
    [19343/26][Wed Oct 12 2016 16:06:26][SmObjStore.cpp:343][INFO][sm-Server-03330] Key Update Management is not enabled
    [19343/26][Wed Oct 12 2016 16:06:26][SmObjStore.cpp:382][INFO][sm-Server-04720] Key distribution has been initiated by Policy Server
    [19343/26][Wed Oct 12 2016 16:06:26][PolicyCache.cpp:1294][INFO][sm-Server-02880] Building policy cache ...
    [19343/26][Wed Oct 12 2016 16:06:27][PolicyCache.cpp:1387][INFO][sm-Server-02890] Building policy cache done
    [19343/2][Wed Oct 12 2016 17:01:27][CServer.cpp:5204][INFO][sm-Server-04020] Tracing will be optimized by buffering
    [19343/1][Thu Oct 13 2016 12:11:03][XPSIO.cpp:502][InitialLoad][INFO][sm-xpsxps-00310] 37484 object(s) loaded from the Policy Store.
    [19343/1][Thu Oct 13 2016 12:11:03][XPSIO.cpp:566][SetPolicyStoreID][INFO][sm-xpsxps-00430] Policy Store ID is "9e8b0883-0681-1010-b347-84f8add80000".
    [19343/1][Thu Oct 13 2016 12:11:03][XPSAudit.cpp:719][GetAudit][INFO][sm-xpsxps-06870] XPS Auditing is enabled.
    [19343/1][Thu Oct 13 2016 12:11:04][Database.cpp:752][InitDB][INFO][sm-xpsxps-03460] No validation warnings will be logged (controlled by CA.XPS::

     

    Could you please suggest how I can disable the highlighted steps during SiteMinder start-up? We suspect this is an issue due to policy server caching.

     

    Regards,

    Sreenath P V 



  • 18.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-20-2016 07:12 PM

    Hi Sreenath,

    Caching and building the policy cache during policy server startup is expected behavior. We don't have an option to disable the caching during startup. The cache is there to improve performance when requests come in. This is by design how the policy server should work. The same thing happens in the R12 version.

    i.e.:

    [2770/1][Fri Oct 14 2016 09:29:26][PolicyCache.cpp:1211][INFO] Building policy cache ...
    [2770/1][Fri Oct 14 2016 09:29:26][PolicyCache.cpp:1304][INFO] Building policy cache done

     

    The flow in the 12.52 log portion is expected, except for the extra time it took to load the data for caching.

    The core focus should be why the PS is slow to load objects from the policy store.

     

    Regards,

    Kar Meng



  • 19.  Re: Error after upgrade: policy server taking 22 hour for startup

    Posted 10-21-2016 07:54 AM

    Hi Sreenath,

     

    You're running Policy Store version :

     

           Oracle Internet Directory

     

    What's your OID domain ?

     

    As documentation states, you need to configure the OID domain starting with dc=
    and nothing else :

     

         Configure a Domain in Oracle Internet Directory

     

         To configure an OID as a policy store, first create a domain in OID.

     

         Follow these steps:

     

           Open Oracle Data Manager (ODM).
           Right-click Entry Management, and select Create.
           Enter dc=dcbok for the Distinguished Name value.
           Enter dc for the dc value.
           Create an organizational unit.
           Select an organizational unit.
           Enter ou=bok,dc=dcbok for the Distinguished Name value.
           Enter bok for the ou value.
           The OID domain is configured.

     

           https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/policy-server/configure-ldap-directory-server-policy-session-and-key-stores/configure-ldap-directory-server-as-policy-store/configure-an-oracle-internet-directory-server-as-a-policy-store

     

    If not configured that way, you'll find performance issues from the Policy
    Store itself, and then the Policy Server will take time to start up.

     

    Best Regards,
    Patrick