The Enforce console experiences out of memory errors, with "access denied" entries showing up in Tomcat.
These eventually lead to a need to restart the service
Following errors appear in the Tomcat (Manager localhost log):
28 Aug 2017 23:16:43,837- Thread: 214643 SEVERE [com.vontu.manager.command.enforce.ManualCommandRuntimeLoader$1] Command runtime unloading failed Cause: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThread")
This error is also related to the same issue:
23 Oct 2017 13:57:27,205- Thread: 130 WARNING [com.vontu.manager.struts.ProtectActionProcessor] Permission to view page not granted. Access denied to requesting URI: /ProtectManager/SaveEndpointPartialMatchingManagement.do. Requires permission: modifyThread.
The docs team created the following entry in the 14.6 MP3 release notes for the fix to this issue:
4164405 : "Executing response rules as a non-Administrator user on the Enforce Server administration console lead to thread leakage and performance degradation over time."
Issue was discovered on RHEL servers, but are not believed to be limited to that OS.
Upgrading either to 14.6 MP3, to 15.0 MP1, or to 15.1, will resolve this issue.