Symantec IGA

Hi Techies,

I would like to bring to your attention about the ongoing issue of CA-IDM "Java Out of Memory-HeapSpace/VM Limit Issue" which is majorly affecting the Password Resets of User's in Symantic Identity Manager Application. Necessary troubleshooting has been made by all of us trying to fix the issue which involved increasing the size on Jvms-1024MB, Jvmx-4096MB on connector server's/On Non-Prod 10.100.9.53, Checking the JAVA_OPTS Environment Variables on Standalone.config.bat, Checking the im_cc.logs. However, the issue seems un-resolved. We see that the RAM size is also 16GB on 10.100.2.43 & 10.100.2.44 Server's and the issue is also on the same.

Referred the Link:Below article on Java Connector Server (JCS) Java heap space out of memory: 
https://knowledge.broadcom.com/external/article/203189/java-connector-server-jcs-java-heap-spac.html 

Error: Screenshot Below,

Could someone suggest the exact solution to get the issue resolved?

Thanks in advance.

Hi Chandra,

The OutOfMemoryError in your screenshot is from IM server (JBoss) while you are referencing memory allocation of the JCS.

Are you observing this error only during a password reset? is it consistent?

Is there any additional logic used during password reset, which might consume memory?

If you need further assistance with troubleshooting, please raise a Support ticket so we can assist with some more specific troubleshooting steps

Regards

Rinat

Hi CHANDRA,

Since you mention this challenge was occurring during password reset, I would suggest looking at the password keyspace for special characters that your solution is not allowing.   The solution is UTF8, and can manage most special characters, but we have seen instances of non-compliant characters used that impacted the JAVA memory.   Resolutions included using PX Rule to remove or prevent use of these special characters when the end user would attempt to enter them.

When you get Out-of-memory-errors, they can be challenging to debug, so you need to capture all info prior to recreating the OOM.   Hopefully, you can recreate this error at will. 

You may wish to enable full debug on the IME via <IAM Suite>/IdentityManager/tools/samples/Admin/user_console.war/logging_v2.jsp to trace when and what is actually failing.   Additionally, use a PX rule to monitor the Password Reset Task(s) used and sent all output to the logs to ensure it matches your expectations.

-Alan