ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Vaap node2 crashed and unable to undeploy or deploy in Identity Suite Console

book

Article ID: 213209

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Recently we lost Vaap node2 have to delete node2 and create a new one from scratch,

When trying to do the deploy from Identity Suite Vaap Console again with the fresh node it's receiving a message that the userstore on node1 was not able to connect to node2 with error "Replication check for User Store on <ip-address> FAILED: [ERROR] The "UserStore_userstore-01" DSA replication status on <ip-address> is  invalid

Tried this solution https://knowledge.broadcom.com/external/article/53521/my-dsas-wont-start-with-failed-to-set-pi.html that worked before but with no results

 

 

 

Cause

1) check ca_vapp_main.log. 

YYY Month Day hh:mm:ss  hostname.domain deploySolution_main [ERROR] Replication check for User Store on <ip-address> FAILED: [ERROR] The "UserStore_userstore-01" DSA replication status on <ip-address> is  invalid

2) in above error indicates that dsa "UserStore_userstore-01" has the issue trying to comunicate with <ip-address> of machine02 that was the UserStore_userstore-02

3) go to dsa log to see if have errors as for example this one found in your logs:

[6] 20210408.231839.668 DSA_E2735 Multiwrite-DISP: Unable to synchronize with peer 'UserStore_userstore-02'

4) in the case the node2 is crashed and node1 is trying to communicate with node1 and trying to undeployed have the above errors. In this case will need to remove the references of node2 in the dsa files.

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

1) stop im_ps all the dsas that are trying to communicate with the opposite node2 in this case stop UserStore_userstore-01 and ca-prov-srv-01-imps*

as dsa user edit  in folder ./config/knowledge/ the files  im.dxg  and impd.dxg.(do a copy of these file just in case)

2) From this case the problem is resolved if remove all entries making reference to node2. ie:

source idm-userstore-02.dxc

source "ca-prov-srv-02-imps-router.dxc";

source "ca-prov-srv-02-impd-main.dxc";

source "ca-prov-srv-02-impd-co.dxc";

source "ca-prov-srv-02-impd-inc.dxc";

source "ca-prov-srv-02-impd-notify.dxc

3) after both files are saved start again all dsa's and im_ps;

4) after everything is up and running in the node try again undeploye the node2. you should be successfully undeployed and next

5) can deploy again adding the new Vaap node2.