In some CA PAM SC installations, the size of the ActiveMQ database (KahabDB) is growing extremely fast, causing issues with disk space as well as symptoms such as slowness, multiple ActiveMQ processes, etc. This may result in decreased functionality of the product and it may require frequent restarts and manual purges of KahabDB. The present article discribes a possible reason for this behavior and the corresponding remediation.

CA PAM SC 14.X Windows and Unix/Linux

This may occur when the heartbeat commands from the endpoint to the DMS__ are not being picked up by consumers. Typically, the PAM SC product should have the Privileged Account Management (PUPM) components deactivated, which is not the case for the DiscoveryAgent component. This causes a heartbeat from the endpoint to be sent to ActiveMQ without it being actually consumed and as a result it is sent straight to the Dead Letter Queue (DLQ), resulting in an ever increasing Kahab DB.

The DiscoveryAgent value at the endpoints must be set to 0 to deactivate the heartbeat. To do so, follow these instructions after stopping the PAM SC endpoint components (secons -sk)

• Windows systems
  • Open the registry editor by running regedit.exe as an Administrator or equivalent user.
  • Navigate to HKLM\Software\ComputerAssociates\AccessControl\Common\AgentManager
  • Set OperationMode to 0 to prevent PUPM from pinging the ENTM
• Linux/Unix systems
  • Navigate to the AccessControlShared folder (e.g. /opt/CA/AccessControlShared)
  • Edit file accommon.ini
  • Locate section [DiscoveryAgent] and set Operation = 0

Restart PAM SC after these changes so that it picks up the new value