Agent command object corruption


Article ID: 194825


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER



We're running a Policy Server and sometimes a corrupted object appears
in the Policy Store, which leads to a rise in the number of agent
commands, and the Policy Server reports this error:

  [6528/1184][Fri Jun 26 2020
  15:22:30][SmPolicyServer.cpp:1883][ERROR][sm-Server-00620] Exception
  in JournalThread. Text: Policy store failed operation 'CleanAgentCmds'
  for object type 'Policy store provider'. LDAP Error Deleting
  AgentCommand object: 32: No such object

We needed to clean all AgentCommands manually. How can we prevent this
from happening?




The issue comes from a duplicated agent command object:


  dn: smAgentCommandOID4=14-a9c01c2d-9c7d-4444-bf17-fd4cbc7f889f\0ACNF:6126a9a
  objectClass: smAgentCommand4
  objectClass: top
  instanceType: 4
  objectCategory: CN=smAgentCommand4,CN=Schema,CN=Configuration,CN={ECEBF945-F
  smAgentCommandOID4:: MTQtYTjMDFjMmQtOWDASDE8sETgxLWJmMTctZmQ0Y2JjN2Y4ODlmCkN
  smCommand4: 4
  smTimeStamp4: 159340000
  distinguishedName: smAgentCommandOID4=14-a9c01c2d-9c7d-4444-bf17-fd4cbc7f889f\0ACNF:

  dSCorePropagationData: 1601010100141100.0Z
  name:: MTQtYTljMDFjMmQtOWM3ZC00MTgsadsJmMTctZmQ0Y2JjN2Y4ODlmCkNORjo2MTI2YTlhZ
  objectGUID:: r6kmYfyaqEuCmr+as454pvcQ==
  smCommandData4: {RC2}0GpXaPg22dasDSSG8b8eg9BDLRpVY2IDsZ1V/NiizFzJVeShIZ9CKQN
  uSNChanged: 762445608
  uSNCreated: 762244131
  whenChanged: 20200530001741.0Z
  whenCreated: 20200530001545.0Z

This is due to a known internal ADLDS (AD) processing problem:

  Active Directory: Duplicate Object Name Resolution

We've analysed the .ldif file and found no corruption, which means
that the duplicate data seems to come from a replication issue or a
problem with the LDAP service itself.
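
One way to check a Policy Store LDIF export for such duplicates, as an added example (not part of the original article or of any CA tooling): it flags smAgentCommand4 entries whose name carries the `\0ACNF:` conflict marker visible in the dump above. The function names and the sample entries are constructed for illustration.

```python
import base64
import re

# AD/ADLDS renames the losing object of a name conflict by appending
# "<LF>CNF:<objectGUID>" to its RDN; an escaped DN string shows the LF as "\0A".
CNF_MARKER = re.compile(r"(?:\\0A|\n)CNF:", re.IGNORECASE)

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)            # unfold continuation lines
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):              # "attr:: <base64 value>"
                rest = rest[1:].strip()
                try:
                    rest = base64.b64decode(rest).decode("utf-8", "replace")
                except ValueError:                # truncated/damaged value: keep raw
                    pass
            entry.setdefault(name.lower(), []).append(rest.strip())
        if "dn" in entry:
            yield entry

def find_conflict_agent_commands(text):
    """Return DNs of smAgentCommand4 entries that carry the CNF conflict marker."""
    hits = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        names = entry["dn"] + entry.get("smagentcommandoid4", [])
        if "smagentcommand4" in classes and any(CNF_MARKER.search(n) for n in names):
            hits.append(entry["dn"][0])
    return hits

# Constructed sample export (not data from the article): a normal agent command,
# a conflict object with an escaped DN, and one whose DN is base64-encoded.
_B64_DN = base64.b64encode(
    b"smAgentCommandOID4=14-0003\nCNF:aaaaaaaa-0000-0000-0000-000000000003,CN=example"
).decode()
SAMPLE = (
    "dn: smAgentCommandOID4=14-0001,CN=example\nobjectClass: smAgentCommand4\n\n"
    "dn: smAgentCommandOID4=14-0002\\0ACNF:aaaaaaaa-0000-0000-0000-\n"
    " 000000000002,CN=example\nobjectClass: smAgentCommand4\n\n"
    f"dn:: {_B64_DN}\nobjectClass: smAgentCommand4\n"
)

if __name__ == "__main__":
    print(find_conflict_agent_commands(SAMPLE))
```

Any DN it returns is a conflict copy created by the directory service, so its creation time is a starting point for checking replication between the instances.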




Policy Store on Active Directory and ADLDS.




Investigate the LDAP service replication and run time to understand
the cause of the duplicated object.

1. For environment tuning and implementation, please refer to the
   documentation here:
   Data Tier Performance

   and for the whole environment:

   Performance Tuning

2. No version of Policy Server will be able to handle duplicated
   objects in the Policy Store, as they are unexpected.

   You have to investigate the ADLDS service and the replication
   between both instances.