DMS__ unresponsive & DH__ stuck in Synchronization

Article ID: 217014

Products

CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Synchronization between the Enterprise Management DMS and DH sometimes gets stuck. This article describes one of the possible causes and how to fix it.

Environment

Windows 2012 and 2016 

PAMSC 14.1

Cause

When sepmd -L DMS__ does return a reply, it shows that some DH__ are stuck in the synchronizing state:

[email protected] 2915                   synchronizing   Fri Jun 04 12:32:40 2021
[email protected] 2914                   synchronizing   Fri Jun 04 12:32:40 2021

The following was noticed in the endpoint management.log on DH__:

05/30/[email protected]:21:59         ACMQ COMPONENT(0x1804):       [INFORMATION]: ACMQ_Init [445]: Connecting to Server URL = failover:(ssl://localhost:61616)?maxReconnectAttempts=5.
05/30/[email protected]:21:59    DH SYNCHRONIZATION THREAD(0x2af0):      PMD directory = "D:\PAMSCDistServer\APMS\PAMSC\Data"
05/30/[email protected]:21:59       DH SYNCHRONIZATION THREAD(0x2af0):      Failed to rename "D:\PAMSCDistServer\APMS\PAMSC\Data\DH__\seos_apm.db" to "D:\PAMSCDistServer\APMS\PAMSC\Data\DH__\seos_apm.db.bak", error = 13
05/30/[email protected]:21:59         ACMQ COMPONENT(0x1804):       [INFORMATION]: ACMQ_Init [576]: Successfully connected to the Distribution Server ssl://localhost:61616 with user = reportserver.
05/30/[email protected]:21:59        ACMQ COMPONENT(0x1804):       [INFORMATION]: ACMQ_Terminate [864]: Terminate connection to Distribution Server.
05/30/[email protected]:21:59      DH SYNCHRONIZATION THREAD(0x2af0):      Rollback was successfully completed
05/30/[email protected]:21:59       DH SYNCHRONIZATION THREAD(0x2af0):      Failed to update policy database files, error = -1
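
As an added example (not part of the original article or of the product), the Python sketch below scans management-log lines for the signature shown above: a failed rename on a DH SYNCHRONIZATION THREAD followed, on the same thread, by a failed policy database update. The sample lines are constructed from the excerpt with made-up timestamps and one extra made-up thread, and the function name find_failed_syncs is hypothetical.

```python
import re

# Entry header as it appears in the excerpt: COMPONENT NAME(0xTHREAD): message.
# Whatever precedes the header (the timestamp) is ignored, so its format does not matter.
ENTRY = re.compile(r'(?P<comp>[A-Z][A-Z ]*[A-Z])\((?P<tid>0x[0-9a-fA-F]+)\):\s+(?P<msg>.*)')
RENAME = re.compile(r'Failed to rename "(?P<src>[^"]+)" to "(?P<dst>[^"]+)", error = (?P<err>-?\d+)')
UPDATE = re.compile(r'Failed to update policy database files, error = (?P<err>-?\d+)')

# Constructed sample: messages copied from the excerpt, timestamps and thread 0x2b14 made up.
SAMPLE = r'''
05/30/2021@12:21:59  DH SYNCHRONIZATION THREAD(0x2af0):  PMD directory = "D:\PAMSCDistServer\APMS\PAMSC\Data"
05/30/2021@12:21:59  DH SYNCHRONIZATION THREAD(0x2af0):  Failed to rename "D:\PAMSCDistServer\APMS\PAMSC\Data\DH__\seos_apm.db" to "D:\PAMSCDistServer\APMS\PAMSC\Data\DH__\seos_apm.db.bak", error = 13
05/30/2021@12:21:59  ACMQ COMPONENT(0x1804):  [INFORMATION]: ACMQ_Terminate [864]: Terminate connection to Distribution Server.
05/30/2021@12:21:59  DH SYNCHRONIZATION THREAD(0x2af0):  Rollback was successfully completed
05/30/2021@12:21:59  DH SYNCHRONIZATION THREAD(0x2af0):  Failed to update policy database files, error = -1
05/30/2021@12:31:59  DH SYNCHRONIZATION THREAD(0x2b14):  Rollback was successfully completed
'''.splitlines()

def find_failed_syncs(lines):
    """Return one finding per sync attempt in which a failed rename is followed,
    on the same thread, by a failed policy database update."""
    pending = {}   # thread id -> rename failure not yet tied to an update failure
    findings = []
    for line in lines:
        entry = ENTRY.search(line)
        if not entry or entry['comp'] != 'DH SYNCHRONIZATION THREAD':
            continue   # other components (e.g. ACMQ) are not part of the signature
        tid, msg = entry['tid'], entry['msg']
        rename = RENAME.search(msg)
        if rename:
            pending[tid] = {'thread': tid, 'file': rename['src'],
                            'rename_error': int(rename['err']), 'rolled_back': False}
        elif tid in pending and 'Rollback was successfully completed' in msg:
            pending[tid]['rolled_back'] = True
        elif tid in pending and (update := UPDATE.search(msg)):
            # Close the attempt: rename failure and update failure belong together.
            findings.append({**pending.pop(tid), 'update_error': int(update['err'])})
    return findings

if __name__ == '__main__':
    for finding in find_failed_syncs(SAMPLE):
        print(finding)
```

A rollback line on a thread that logged no rename failure (0x2b14 in the sample) is not reported, so the check only fires on the full sequence from the excerpt.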

Resolution

Solution: 

The root cause of the issue is the network resolution of the group "Computer Associates" during the backup of the pmd.audit file.

"Computer Associates" is the default value of the pmd\logmgr\audit_group registry value.

When DMS__ renames the original pmd.audit to a backup and creates a new pmd.audit, it resolves the group name to a group SID using the native Windows API (LookupAccountNameA). This function hangs for a long time; as a result, all other threads hang as well and DMS__ is unresponsive.

The applied workaround is to set this value to 'none', which means that only Administrators are allowed to access the file.