After a server reboot, or while manually starting the LDAP Sync service from the EG Console, the Symantec Ldap DirSync Service process is stuck in a starting state.
A log entry similar to the following appears in the service.out log for User Store Sync.
INFO | jvm 1 | Exception in thread "Thread-5" java.lang.OutOfMemoryError:
or
INFO | jvm 1 | Could not reserve enough space for 2048000KB object heapJava heap space
There are 3 different LDAP services
Each service relies on a JVM initialized by the VIP EG to start the service. If Java cannot allocate enough contiguous memory required by the JVM heap, the error will occur:
STATUS | wrapper | 2020/08/15 02:19:08 | Launching a JVM...
INFO | jvm 1 | 2020/08/15 02:19:09 | Error occurred during initialization of VM
INFO | jvm 1 | 2020/08/15 02:19:09 | Could not reserve enough space for 1431552KB object heap
This issue is resolved in VIP Enterprise Gateway 9.10 and later which include native 64-bit support and are unaffected by 32-bit memory limitations. If unable to upgrade, follow these steps:
Is your VIP Enterprise Gateway server hosted on a VMWare\ESX virtual machine? The ESX host could be reallocating memory when the service stops and prevent it from restarting. Allocating additional memory and disabling memory sharing in the VM settings may help. Most of the time, a system reboot will resolve the issue. If not, follow these steps:
Alternatively, you can attempt to adjust the Java heap size higher or lower. Prior to making any adjustments, disable VM memory sharing and if possible, allocate additional memory to the machine before proceeding:
For the error java.lang.OutOfMemoryError: Java heap space
-- gradually increase the heap size to no more than 4GB.
For the error Could not reserve enough space for xxxxxxxxKB object heap
-- gradually decrease the heap size (i.e., 1100).
The Java heap size can be modified by changing the value of wrapper.java.maxmemory in the following file:
<VIP_EG_INSTALL_DIR>\Symantec\VIP_Enterprise_Gateway\LdapSync\Services\ldapSync\conf\wrapper2.conf
Follow steps 1-6 above to restart the Symantec VIP Enterprise Gateway server and LDAP service.
The Java heap size can be modified in Linux be increasing the value in the below location:
<VIP_EG_INSTALL_DIR>/ldapSync/bin
Edit the portion in RED
if [ -s "services/ldapSync/conf/ldapsync.conf" ]; then
cd $MSAS_HOME/bin
export CMD="${JAVA_HOME.EN_US}/bin/java -Xms32m -Xmx3g -XX:+UseG1GC -Duser.language=en -Duser.region=US -Duser.country=US -Dcom.sun.jndi.ldap.connect.pool.timeout=1800000 -DVRSN_MAUTH_HOME=$MSAS_HOME/.. com.verisign.ldapSync.scheduler.LDAPSyncScheduler --config-file"
export CFG="${MSAS_HOME.EN_US}/services/ldapSync/conf/ldapsync.conf"
else
echo "ERROR: directory ${MSAS_HOME.EN_US}/services/ldapSync/conf does not contain a known configuration file!"
exit -1
fi
After making this change, restart the VIP Enterprise Gateway Server.