search cancel

Active Directory connection problems and UNAB restart

book

Article ID: 214557

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

 

Question : Is it normal that UNAB will automatically restart following failure to communicate with AD? 

 

 

Cause

On UNAB operation, we found on a couple of machines that following a connection problem vs Active Directory UNAB performs a restart.

Following you can see some row of  "uxauth" grep in the log /var/log/messages:


May  6 03:02:17 machinename uxauthd[15284]: No connection to domain 'domainname', watcher thread started.
May  6 03:05:16 machinename uxauthd[15284]: Critical problem to access Active Directory.
May  6 03:05:16 machinename uxauthd[15284]: Agent auto restart now.
May  6 03:05:16 machinename uxauthd[15284]: Executed command '(sleep 3; /opt/CA/uxauth/lbin/uxauthd.sh restart)&', return code = 0.
May  6 03:05:23 machinename systemd: Stopping CA Technologies UNAB daemon (uxauthd)...

 

Environment

Release : 14.1

UNAB version is 14.10.0.1494 but happens in all versions, seen in 14.10.0.1707   

Resolution

 

Answer: The restart is the method that unab agent has to resolve agent problems in general (e.g., agent's memory leak, lack of DC connectivity, etc.).   
 
You can work around the problem by putting those bad DCs on the ignore_dc_list token.   Unless that is done by the way, you can experience login delays when one of those bad DCs is picked up for servicing a login.