CA PIM 12.9 SP1: checkin fails with error "no information available for connector"

book

Article ID: 103496

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Sometimes checkin fails on doing checkin for a lot of SSH Device accounts simultaneously.
Once the checkin fails, it occurs again and force checkout by superadmin also fails.

There are errors in server.log/jcs_daily.log.

server.log:
-----
2018-03-14 20:22:17,184 INFO [com.ca.ppm.util.endpointpasswordservices.EndpointPasswordServicesUtil] change password returned failure from jcs via Q:!"6","Unknown error","code 32 (NO_SUCH_OBJECT): failed to modify entry: eTDYNAccountName=<Account>,eTDYNAccountContainerName=SSH Accounts,eTDYNDirectoryName=<Endpoint>,eTNamespaceName=SSH Device,dc=im,dc=etasa: JCS: no information available for connector 'SSH Device/<Endpoint>'" for account:Account Name: "<Account>" Endpoint Name: "<Endpoint>" SSH Accounts ("SSH Device")
2018-03-14 20:22:17,184 ERROR [STDERR] java.lang.Exception: !"6","Unknown error","code 32 (NO_SUCH_OBJECT): failed to modify entry: eTDYNAccountName=<Account>,eTDYNAccountContainerName=SSH Accounts,eTDYNDirectoryName=<Endpoint>,eTNamespaceName=SSH Device,dc=im,dc=etasa: JCS: no information available for connector 'SSH Device/<Endpoint>'"
2018-03-14 20:22:17,190 ERROR [com.ca.ppm.event.impl.CheckInAccountPasswordEvent] no information available for connector 'SSH Device/<Endpoint>'"
java.lang.Exception: no information available for connector 'SSH Device/<Endpoint>'"
2018-03-14 20:22:17,191 INFO [com.ca.ppm.event.impl.CheckInAccountPasswordEvent] Failed to check in account <Account> due to no information available for connector 'SSH Device/<Endpoint>'"
2018-03-14 20:22:17,198 ERROR [com.netegrity.ims.exception.EventExecuteStateException] Execution of event: CheckInAccountPasswordEvent failed. Exception encountered: Check in Privileged Account. no information available for connector 'SSH Device/<Endpoint>'"
-----

jcs_daily.log:
-----
2018-03-14 20:22:18,227 231078599 [ApacheDS Worker-thread-48] (com.ca.jcs.DefaultConnectorManager:528) ERROR - no information available for connector 'SSH Device/<Endpoint>'
2018-03-14 20:22:18,228 231078600 [ApacheDS Worker-thread-48] (com.ca.jcs.PartitionLoaderService:334) ERROR - exception in modify(, items): org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: JCS: no information available for connector 'SSH Device/<Endpoint>'
-----

 

Cause

The ssh connectors are deactivated and again activated after some time by jcs.
When ssh connectors are deactivated, at around that time customer is tried to do some operation on ssh devices.
Due to that customer is not able to do checkout/checkin operations.
Once after activation of connetors, customer is able to do checkout/checkin operations.

Environment

PIM 12.9 SP1

Resolution

Increasing the value for I_CONNECTIONS in ssh device xml file should resolve the issue.

1.Stop JCS service
2.Open ssh_connector_conf.xml file available under \AccessControlServer\Connector Server\conf\override\sshdyn
3.In this file, you can find something like below:
<package name="com.ca.jcs.sshdyn">
<class name="SSHConnectionManager">
<param name="I_CONNECTIONS" value="10" />
</class>
</package>
4.Now change the value from 10 to 100.
5.Start JCS service