Symantec Access Management

Tech Tip : CA Single Sign-On : Heavily degraded performance on Policy Servers

  • 1.  Tech Tip : CA Single Sign-On : Heavily degraded performance on Policy Servers

    Posted 08-16-2018 02:31 AM

    Issue:

     

    We're running Policy Server, and since two days, we experience heavy
    slowness on some of our Policy servers. We are getting at the time of
    the issue messages like :

    Connection request rejected. Connection limit of 3072 exceeded

    [Sm_Auth_Message.cpp:511][INFO][sm-log-00000] Execution
    time exceeded threshold. (CSm_Auth_Message::ProcessMessage, 19953,
    5000, agent=myagent client=*10.10.10.10
    server=https://myserver.mydomain.com resource=/index.html
    action=POST user=)

    How can we fix this ?

     

    Cause:

     

    Indeed, the 1024 is too low, if you have set the Max Connection to
    3072 and if this is a Production Server with load. From documentation,
    we mentioned that value but only to illustrate how the command to set
    it work.

    Modify the Default Limit Parameters
    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/installing/install-a-policy-server/install-policy-server-on-unix/prepare-for-the-policy-server-installation

     

    Resolution:

     

    Set the value of ulimit -n to a value much higher than 1024 to fix this issue

     

    KB : KB000109663