Symantec IGA

 View Only

 Some Windows endpoints become unreachable

MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted May 22, 2023 04:52 AM

Hi Team,

Identity Manager R14.3 CP2

We have received inquiries that communication with some Windows endpoints periodically becomes
 impossible in customer environments.

At the same time, the following error "There is no remote CAFT server running" is output, 
and every time communication becomes impossible, it will be resolved by restarting the cam service.

Since communication becomes impossible, processing for the corresponding endpoint such as password change and account creation fails, and "Endpoint display" from the IdentityManager management screen also becomes an error.

Error Eessage
ERROR IM Provisioning Server - :ETA_E_0008<MAC>, Windows NT Account 'XXXX' on 'YYYY' modification failed: Connector Server Add failed: code 52 (UNAVAILABLE): failed to add entry eTN16DirectoryName=acc-asteria01t,eTNamespaceName=Windows NT,dc=im,dc=etasa: JCS@idm-ac01: JNDI: Failed to activate connector on proxy connector server: [LDAP: error code 52 - CAFT Message : \0x5B9F\0x884C\0x3057\0x3066\0x3044\0x308B\0x30EA\0x30E2\0x30FC\0x30C8CAFT\0x30B5\0x30FC\0x30D0\0x306F\0x3042\0x308A\0x307E\0x305B\0x3093\0x3002] (ldaps://idm-ac01:20411) (by User 'pdadmin' - TenantNotSet) [DETAIL] {ID=IM-2390c553-53effef6-48122349-86bbda90-831-1-0-1}

When I checked the etatrans log, it seemed that the following message was output before the above event occurred.

  20230516:165811:TID=0014b8:LDAP      :----:----:*:   IDLE[008]: ld=102EB520; seconds_until_expired=1785, shutdown=N
  20230516:165811:TID=0014b8:LDAP      :----:----:*: CONPOOL 01275980[CS]: idle=23; busy=2; mn=20; mx=600; wt=0; cn=0; bind_avg=0.57 [

The above processing delay message occurs periodically at different timings.
Since it is said that the LDAP browser cannot communicate when the event occurs, we believe that processing delays such as server load due to CAIM processing may be the cause.
Am I correct in this understanding?