IMAG 14.2 RACFv2 returning timeout to see account via Provisioning Manager
search cancel

IMAG 14.2 RACFv2 returning timeout to see account via Provisioning Manager

book

Article ID: 137585

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Provisioning Manager gets timeout when try bring the account information that contains a group as their owner.


ERROR: ETA_E_0020<RAC>, User Account 'USERNAME' on TEST_B23 read failed: Connector Server Read failed: Timed out (ldaps://connectorserverhost:20411)



Environment

Release : 14.2

Component : CA LDAP Server

Cause

1) verify file etatransYYYmmdd-nnn.log to check if shows the timeout coming from Connector server hostname:20411:

20190730:163507:TID=1dbb70:Search :S379:E375:P: Class Name: User Account
20190730:163507:TID=1dbb70:Search :S379:E375:P: base-dn: eTDYNAccountName=USERNAME,eTDYNAccountContainerName=Users,eTDYNDirecto
20190730:163507:TID=1dbb70:Search :S379:E375:P:+ ryName=TEST_B23,eTNamespaceName=RACF v2,dc=im
20190730:163507:TID=1dbb70:Search :S379:E375:P: scope : BASE
20190730:163507:TID=1dbb70:Search :S379:E375:P: filter : (objectClass=eTDYNAccount)
20190730:163507:TID=1dbb70:Search :S379:E375:P: attrs : <ALL>
20190730:163507:TID=1dbb70:Search :S379:E375:P: size-limit: 50000
20190730:163507:TID=1dbb70:Search :S379:E375:P: time-limit: 90
20190730:163637:TID=1dbb70:Search :S379:E375:F: FAILURE: Connector Server Search (eTDYNAccountName=USERNAME)
20190730:163637:TID=1dbb70:Search :S379:E375:F: rc: 0x0034 (DSA is unavailable)
20190730:163637:TID=1dbb70:Search :S379:E375:F: msg: Connector Server Read failed: Timed out (ldaps://<IP>:20411)
20190730:163637:TID=1dbb70:Search :E375:----:F: FAILURE: External Search (eTDYNAccountName=USERNAME)
20190730:163637:TID=1dbb70:Search :E375:----:F: rc: 0x0034 (DSA is unavailable)
20190730:163637:TID=1dbb70:Search :E375:----:F: msg: :ETA_E_0020<RAC>, User Account 'USERNAME' on 'TEST_B23' read failed: Conn
20190730:163637:TID=1dbb70:Search :E375:----:F:+ector Server Read failed: Timed out (ldaps://ipaddress:20411)

 

2) check log jcs_daily.log if showing the eTRACOwner as the group RACFGROUP (or the name of group the is defined as owner of RACF profile)

 

eTRACOwner: RACFGROUP, eTRACTsoUserdata: 0000, eTRACLastAccessTime: hh:mm:ss}

 

3) Search in jcs_daily.log yet if have this exception error:  80: 

ICH30001I UNABLE TO LOCATE USER ENTRY RACFGROUP]: failed to lookup etracuserid=RACFGROUP,eTRACAdminGrp=Users,host=B13,o=COMPANY,c=us'

 

[ApacheDS Worker-thread-190] (com.ca.jcs.core:com.ca.jcs.processor.RetryOpProcessorProxy:343) DEBUG - class com.ca.jcs.racf.RACFMetaConnector: TEST_B23 [eTDYNDirectoryName=TEST_B23,eTNamespaceName=RACF v2,dc=im,dc=etasa]: no retry group found matching exception text 'javax.naming.NameNotFoundException: JCS@connectorserverhostname: JNDI: [LDAP: error code 80 - ICH30001I UNABLE TO LOCATE USER ENTRY RACFGROUP]: failed to lookup etracuserid=RACFGROUP,eTRACAdminGrp=Users,host=B13,o=COMPANY,c=us'

Resolution

1/  change the removing the mapping for owner from conxp( "eTRACOwner" from connectorXpress on the right hand side) then deploy right click on RACF V2 on complete right side then select deploy and increased the version 

2/ Restarted JCS. 



Attachments

1569351438388__DefautlRacf.png get_app
Powered by Wolken Software