CA Security Tech Tip: CA Single Sign-On
Orphaned Semaphore Issue usually seen with Apache Webagent side
Typically the semaphores are created when the webagent starts up along with shared memory segments that the webagent uses for its Low level Agent
Worker Process (LLAWP) to communicate with the High Level Agents internally. When the webagent starts up it keeps a track of all the web
server process id's so if the count goes at 0, the LLAWP also exists and clears off all the semaphores and shared memory segments for a complete
webagent shut off. sometimes, there is a web server process which is still out these either hung or crashed causing the LLAWP to loose track of that process and hence
become out of sync with the webserver resulting in error messages in the logs where it says it has been unable to remove those semaphores. Typically, if you just stop the web server you need to give 5 seconds or
more for LLAWP to stop as well before attempting to start the web server again. If you end up in this situation, we usually recommend customers to stop the web server. Check if LLAWP has completely gone down by doing ps -
ef | grep LLAWP command and once it is completely gone, and assuming this is Solaris, run ipcs and ipcrm commands to list and delete the semaphores and shared memory segments owned by the user which starts the web server.
Then start the web server back up again clean.
Check for shared memory and semaphores leftover from the web server using following commands:
ipcs -s list semaphores
ipcs -m list shared memory
ipcrm -s remove semaphores
ipcrm -m remove shared memory
Thanks
Anand