[SiteMinder] Auto Start of Policy Server not working on RHEL 7.x

book

Article ID: 208331

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Auto Startup Script has been configured according to the documentation.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/install-policy-server-on-unix/configure-auto-startup.html

 

When manually starting up policy server via command-line (start-all) the policy server starts up just fine.

But when the machine is rebooted, policy server starts but is then killed so policy server need to be started up manually.

 

"/var/log/messages" reports the following.

Feb 11 15:38:31 smps-02 systemd: Starting S98sm Service...
Feb 11 15:40:01 smps-02 systemd: S98sm.service start operation timed out. Terminating.
Feb 11 15:40:01 smps-02 systemd: Failed to start S98sm Service.
Feb 11 15:40:01 smps-02 systemd: Unit S98sm.service entered failed state.
Feb 11 15:40:01 smps-02 systemd: S98sm.service failed.

"systemctl status S98sm" reports the following.

[[email protected] log]# systemctl status S98sm
● S98sm.service - S98sm Service
   Loaded: loaded (/etc/systemd/system/S98sm.service; enabled; vendor preset: disabled)
   Active: failed (Result: timeout) since Thu 2021-02-11 15:40:01 AEDT; 13s ago
  Process: 818 ExecStart=/opt/CA/siteminder/start-all (code=killed, status=TERM)

Feb 11 15:38:31 smps-02.kimlabs.net systemd[1]: Starting S98sm Service...
Feb 11 02:38:32 smps-02.kimlabs.net smpolicysrv[917]: EventID: 1002, Category: Authentication, Description: The server is initializing.
Feb 11 02:38:32 smps-02.kimlabs.net smpolicysrv[917]: EventID: 5000, Category: Authentication, Description: The server failed to initialize.
Feb 11 15:40:01 smps-02.kimlabs.net systemd[1]: S98sm.service start operation timed out. Terminating.
Feb 11 15:40:01 smps-02.kimlabs.net systemd[1]: Failed to start S98sm Service.
Feb 11 15:40:01 smps-02.kimlabs.net systemd[1]: Unit S98sm.service entered failed state.
Feb 11 15:40:01 smps-02.kimlabs.net systemd[1]: S98sm.service failed.

Cause

This is because the default Startup Timeout is 90 seconds.

If the service does not start within 90 seconds to return a success result then it will be killed and considered failed start.

 

Environment

Release : 12.8.x

Component : SITEMINDER POLICY SERVER

Resolution

You can increase the StartupTimeout in the "/etc/systemd/system/S98sm.service"

Following sample shows the TimeoutStartSec being set to 3000 seconds. You may need to test to come up with sufficient value.
"infinity" is also a valid option but should rather investigate why the startup would take so long.

[Unit]
Description=S98sm Service
Requires=network.target

[Service]
Type=forking
User=smuser
ExecStart=-/opt/CA/siteminder/start-all
ExecStop=-/opt/CA/siteminder/stop-all
Restart=on-abort
TimeoutStartSec=3000

[Install]
WantedBy=multi-user.target

 

If the TimeoutStartSec value is sufficient, then the following should be observed.

 

"/var/log/messages" reports the following.

Feb 11 15:42:02 smps-02 systemd: Starting S98sm Service...
Feb 11 15:43:38 smps-02 systemd: Started S98sm Service.

"systemctl status S98sm" reports the following.

[[email protected] log]# systemctl status S98sm
● S98sm.service - S98sm Service
   Loaded: loaded (/etc/systemd/system/S98sm.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-02-11 15:43:38 AEDT; 23min ago
  Process: 3361 ExecStart=/opt/CA/siteminder/start-all (code=exited, status=1/FAILURE)
 Main PID: 3373 (smexec)
   CGroup: /system.slice/S98sm.service
           ├─3373 /opt/CA/siteminder/bin/smexec
           ├─3374 /opt/jdk1.8.0_181/jre/bin/java -Xrs -Xmx64m -Dnete.ps.root=/opt/CA/siteminder -classpath /opt/CA/siteminder/lib/smconapi.jar:/opt/CA/siteminder/lib/smmon.jar com.netegrity.sm...
           └─3375 smpolicysrv

Feb 11 15:42:02 smps-02.kimlabs.net systemd[1]: Starting S98sm Service...
Feb 11 15:42:03 smps-02.kimlabs.net smpolicysrv[3375]: EventID: 1002, Category: Authentication, Description: The server is initializing.
Feb 11 15:43:27 smps-02.kimlabs.net smpolicysrv[3375]: EventID: 1000, Category: Authentication, Description: The server is up.
Feb 11 15:43:38 smps-02.kimlabs.net start-all[3361]: SiteMinder Policy Server is running
Feb 11 15:43:38 smps-02.kimlabs.net start-all[3361]: SiteMinder Health Monitor is running
Feb 11 15:43:38 smps-02.kimlabs.net systemd[1]: Started S98sm Service.

Additional Information

More detail on TimeoutStartSec: https://bugzilla.redhat.com/show_bug.cgi?id=1446015