Failed to Insert Audit Records after upgrading to 12.8 SP4 and higher releases

book

Article ID: 221407

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

- After Upgrading from 12.7 SP2 to 12.8 SP4 and higher Releases , Policy Server is Failing to insert Audit Records in an SQL Audit Database (oracle or other) which is causing Delay in Auth Transactions 

- policy Server is attempting to insert the Records in the Audit store and keeps failing with the following 

444][8420][11:50:31.755][11:50:31][CSmDbODBC.cpp:1472][CSmDbConnectionODBC::CheckForError][][][][][][][][][][][][22001][-1][[CA SSO][ODBC Oracle Wire Protocol driver]String data, right truncated. Error in parameter 12.][][][][][][SQL Error.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[06/23/2021][11:50:31.755][4444][8420][            Leave function CSmDbConnectionODBC::DoExecute][11:50:31][CSmDbODBC.cpp:1969][CSmDbConnectionODBC::DoExecute][][][][][][][][][][][][][-1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[06/23/2021][11:50:31.755][4444][8420][            ][11:50:31][CSmDbODBC.cpp:362][CSmDbConnectionODBC::MapResult][][][][][][][][][][][][-1][][[CA SSO][ODBC Oracle Wire Protocol driver]String data, right truncated. Error in parameter 12.][][][][][][ODBC Error: State = 22001 Internal Code = 0 - s - MappedResult:-4007][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[06/23/2021][11:50:31.755][4444][8420][            LogMessage:ERROR:[sm-Server-04590] Failed executing single audit log insert: Internal Error: Database error.  Code is -4007 (DBMSG: <<<State = 22001 Internal Code = 0 - s>>>). Code: -4007. DB Code: -1][11:50:31][SmReportsODBCLog.cpp:942][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[06/23/2021][11:50:31.755][4444][8420][            Closing statement handle  '554891040'.][11:50:31][CSmDbODBC.cpp:4336][CSmDbConnectionODBC::DoClose][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[06/23/2021][11:50:31.755][4444][8420][            Release connection reference. ReferenceCount = '25'][11:50:31][CSmDbConnection.cpp:241][CSmDbConnection::ReleaseReference][]


Attempted to reconnect 15 times and then gave up and record dropped eventually and user marked still as Authenticated 

[06/23/2021][11:50:33.787][4444][8420][            All 15 attempts to flush audit records to the audit database have failed.  We disable the retry mechanism until at least one write is successful.][11:50:33][SmReportsODBCLog.cpp:1134][SmReportsLogAccess][
[06/23/2021][11:50:33.787][4444][8420][            LogMessage:ERROR:[sm-Server-02700] Failed to write audit log record. Record dropped.][11:50:33][SmReportsODBCLog.cpp:1182][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[06/23/2021][11:50:33.787][4444][8420][            LogMessage:ERROR:[sm-Server-02700] Failed to write audit log record. Record dropped.][11:50:33][SmReports.cpp:1812][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][

 

Environment

Release : 12.8 SP4 and Higher on Windows and Linux OS 

Component : SITEMINDER -POLICY SERVER

Resolution

Customer upgraded 12.7.02 to 12.8.04, The difference observed between both versions is 

-  Data direct Odbc driver is upgraded.

-  Added new parameter enableNcharsupport=0  in 12.8.04  (related to N-types NCHAR, NVARCHAR2, and NCLOB support by the Driver) 

 

This registry setting should be there for audit data source enableNcharsupport=0 in registry as Indicated in the guide 

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-odbc-databases-as-policy-session-key-and-audit-stores/configure-odbc-databases-as-audit-store/store-audit-logs-in-oracle.html

 

 

https://knowledgebase.progress.com/articles/Article/8556

Enable N-CHAR Support
Attribute EnableNcharSupport (ENS)

Description
Determines whether the driver provides support for the N-types NCHAR, NVARCHAR2, and NCLOB. These types are described as SQL_WCHAR, SQL_WVARCHAR, and SQL_WLONGVARCHAR, and are returned as supported by SQLGetTypeInfo. In addition, the "normal" char types (char, varchar2, long, clob) are described as SQL_CHAR, SQL_VARCHAR, and SQL_LONGVARCHAR regardless of the character set on the Oracle server.
See "Unicode Support" on page 300 for details.

NOTE: Valid only on Oracle 9i and higher.