Symantec IGA

 View Only
  • 1.  Event description location in SQL database

    Posted Dec 04, 2019 01:59 PM
    Dear Broadcom IM community, good afternoon!
    I hope you are doing fine! This is my first post here.

    Currently, we have IM deployed as a Virtual Appliance across 4 servers (IM, PS/CS/US, IG and IP). This setup is also present on another node in another datacenter.

    I am investigating why some AD tasks (mostly AD password resets) are taking longer than usual (roughly 15 minutes) to complete. In order to isolate the issue, we are querying the database for the long running tasks but cannot determine which endpoints are being the cause of the delay (we have ~300 resets/day and ~5000 resets/month, so it is not viable to go through each of these tasks one by one).

    Therefore, we would like to know if anyone knows where the information highlighted in PURPLE is within the database so we can query it and get the endpoint name. We are using SQL as the database. I went through many tables (Task Persistence, Audit, ObjStore) but did not have any luck.

    Also, if anyone knows how to get the domain controller to which the Connector Server is connecting on that endpoint from the logs and could share this info with us, that would be awesome!

    VST info

    Excel SQL report




    ------------------------------
    Software Consultant
    Gliat Tecnologia da Informação
    São Paulo
    Brazil
    ------------------------------


  • 2.  RE: Event description location in SQL database
    Best Answer

    Broadcom Employee
    Posted Dec 05, 2019 11:05 AM
    The screenshot you provided does not show a 15 minute delay. It also doesn't indicate what kind of task is being run to change the password which may impact where the data is being stored. The task data is also spread out amongst many tables so you may be better off checking the etatrans.log for specific slow transactions and troubleshooting problems with individual endpoints as you see them.

    ------------------------------
    Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: Event description location in SQL database

    Posted Dec 06, 2019 10:44 AM
    Hello Larry,

    Thank you very much for your answer.

    The screenshot is merely an illustration of the specific field that contains the information I need, which is what I am looking for in the database. It could represent the actual problematic task, but for the purpose of asking the location of the information in the database, I believe the screenshot is enough. I am triyng to understand in what circumstances the slowness occurs (only on specific endpoints, specific timeframes, with specific users, when the Connector uses a specific domain controller, etc).

    These are mostly Self Service Password Reset tasks - same as to changing a user's password on an endpoint through the "Modify User's Endpoint Accounts" task (we basically copied this task and renamed it, adding a few authentication steps before resetting the password (Q&A profile).

    I have not had much luck with the ETATRANS log file (even after increasing the log level in the Provisioning Manager and data/im_ps.log).

    Please let me know if I can provide any further information so it is easier to identify the root cause of these issues.

    Links I have used for increasing log verbosity:

    1) https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-2/reference/provisioning-maintenance/view-and-maintain-log-files.html
    2) http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-2/administrating/system-management/adjusting-logging-levels-in-identity-manager.html

    ------------------------------
    Software Consultant
    Gliat Tecnologia da Informação
    São Paulo
    Brazil
    ------------------------------