Symantec IGA

 View Only
Expand all | Collapse all

Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

  • 1.  Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Broadcom Employee
    Posted Feb 21, 2020 02:20 AM
    Edited by Rinat Matityahu Mar 23, 2020 02:38 AM

    Broadcom has identified a regression in the above releases, which causes a looping conditions in certain circumstances.

    The looping occurs when an object known to Provisioning Server was manually deleted on the endpoint itself and then searched for (an account, a group in an account template etc).
    The same looping might occur when a user trying to reset a password on an account which has been manually moved to a different OU
    This will cause a looping error of NO_SUCH_OBJECT which could lead to performances degradation, increase in log file sizes among other symptoms.

    We would advise customers running the specific Identity Manager CPs to proactively apply the hotfixes available in the following locations

    14.1: https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS12425&os=ANY

    14.2: https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS12431&os=ANY

    14.3: https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS12435&os=ANY

    The fix should be applied on the Provisioning Server(s).

    These are official, Production ready fixes.

    Earlier Identity Manager CPs are not affected by this regression


  • 2.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Broadcom Employee
    Posted Feb 21, 2020 10:39 AM
    Thanks Rinat!!

    Bill

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

     
    Posted Feb 21, 2020 01:10 PM
    Thank you for sharing this with the community!

    ------------------------------
    Chris Hackett
    Community Manager, Broadcom Enterprise Software Division
    Broadcom Inc.
    ------------------------------



  • 4.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Feb 26, 2020 04:47 AM
    Dear Rinat,

    Thanks for sharing the information. We had recently faced similar issue in our environment(IM 14.2) which we got resolved by again exploring whole endpoint. Single user endpoint explore could not resolve the problem.

    We will apply the fix and check.

    Somehow, from mentioned link we could not download the hotfix neither via browser nor via FTP.

    Thanks
    Annu Singh


  • 5.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Broadcom Employee
    Posted Feb 27, 2020 08:08 AM
    Hi Annu, are you running Identity Manger 14.2 CP5? This regression is only relevant to CP5 of 14.2 and not earlier ones.
    Were you able to download the required fix by now?
    Regards
    Rinat


  • 6.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Feb 27, 2020 08:54 AM
    Dear Rinat,

    Yes , we sytarted reporting issue post deployment of CP5 patch in version 14.2. We are able to download fix and deployed on Prod system.

    System is under monitoring.

    Thanks
    Annu Singh


  • 7.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Broadcom Employee
    Posted Feb 27, 2020 09:12 AM
    Good, appreciate your confirmation.
    Many thanks
    Regards
    Rinat


  • 8.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Feb 27, 2020 07:59 AM
    Rinat,

    Is this issue present on the Virtual Appliance?  If so, is the fix bundled with CP2 or will something else be released to address it?

    Ty.


  • 9.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1
    Best Answer

    Broadcom Employee
    Posted Feb 27, 2020 08:06 AM
    Hi Samuel,
    As long as the vApp is running any of the above Identity Manager CPs - it will be subject to the regression. Both On Premise and vApp are essentially the same Identity Manager code.
    Please follow the links above suitable for your release - fixes for both vApp and On Premise are available now to download
    Regards
    Rinat


  • 10.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Broadcom Employee
    Posted Jul 30, 2020 05:02 AM
    This fix is now included in 14.3 CP2
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/Release-Notes/Fixed-Defects/Identity-Manager-14_3-CP2---Fixed-Defects.html

    For 14.1 and 14.2 - the above fixes are still required.


  • 11.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Jul 30, 2020 03:48 PM
    Thanks. Is there a Hot Fix available for non-vApp deployments?


  • 12.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Jul 30, 2020 03:54 PM

    Chris,

     

    I downloaded the HF for 14.2, which is a .zip with versions for vApp and non-vApp installs.

     

    Enrique L Torres

    Enterprise Architect  |  Enterprise Studio

    HCL Technologies Ltd.

    +1 915-204-7107  |  enrique.torres@hcl.com  | El Paso, TX

    www.hcltech.com/enterprise-studio

     

     






  • 13.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Jul 30, 2020 04:00 PM
    Thanks, Enrique.

    clava

    Christopher B. Lavagnino 

    Senior Principal Services Architect  |  Enterprise Studio 

    HCL Technologies Ltd.  

    310-717-7371  |  Christopher.Lavag@hcl.com  |  

    www.hcltech.com  | www.ca.com/services 

     

     







  • 14.  RE: Proactive notice for customers running 14.1 CP10, 14.2 CP5 or 14.3 CP1

    Posted Jul 31, 2020 11:04 AM
    I downloaded and deployed the HotFix in our (IRS) DEV environment. We experience this issue frequently in our PETE (Performance/Stress Testing) environment, less frequently in our PROD environment. Since we manage directories with millions of entries, we implemented selective explore/correlates which detect updates since the last iteration of the script. Owing to the clean up sequence required by our Performance Testing, zombie accounts were left in the Provisioning Directory leading to the infinite loops. I am concurrently downloading the 14.3 CP2 which we will be deploying to our environments over the course of the next few weeks.