search cancel

PAM node is part of cluster and under syncing

book

Article ID: 228522

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Even after the DRS function from Vmware for the appliance is disabled, getting below error and the CA PAM node is getting unavailable quite frequently. This is happening after the new CA PAM node is being added to the cluster.

 

 

Cause

The cause for this is to be looked into the log files, after being extracted from the logs.bin file.

As per the log file, the Database transcations did not complete from the Master node which is pushing the CA PAM database to the newly added node. Below is from Cluster log file.

11/10/21 06:45:03 - aactrl.sh:  The cluster stop database dump cannot be used; necessary transactions have been purged from the parent DB at <this node IP>.
11/10/21 06:45:03 - aactrl.sh:  The backup from cluster stop is being deleted because it is unsuitable for replication.
11/10/21 06:45:03 - aactrl.sh:  Do binary log sync = 
11/10/21 06:45:03 - aactrl.sh:  Requesting a full database dump
11/10/21 06:45:04 - aactrl.sh:  Secondary member downloading from its leader
11/10/21 06:45:05 - aactrl.sh:  Waiting for dump to be ready
11/10/21 06:46:08 - aactrl.sh:  Database dump is ready on the master.  Retrieving the dump ...
11/10/21 06:46:08 - aactrl.sh:  Downloading database dump
11/10/21 06:48:22 - Syncing with the master database failed.
11/10/21 06:48:22 - aactrl.sh:  SITE_COUNT=2 PRIMARY_SITE_INDEX=0 MY_SITE_INDEX=1 IS_MASTER_SITE=0 IS_SECONDARY_SITE=1 MY_PHPSESSID=11
11/10/21 06:48:22 - aactrl.sh:  SITE_COUNT=2 PRIMARY_SITE_INDEX=0 MY_SITE_INDEX=1 IS_MASTER_SITE=0 IS_SECONDARY_SITE=1 MY_PHPSESSID=11

Environment

Release: 3.4.0

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

First, the node that is showing up the message "This CA PAM node is part of the cluster and is in the process of syncing. Try again later. Click here to login" needs to be removed from the cluster.
To do this follow the steps as documented in the product guide. https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery.html

Connect to the Master node that is pushing the database to the member of the cluster using Putty, for this engagement of the Technical Support Team is required.
- Delete the file "fulldump.mbi.gz" located in the /var/tmp directory

Next, connect to the node that fails to bring up the login prompt using Putty.
- Delete the file "fulldump.mbi.gz" located in the /var/tmp directory

Add the node that was giving the problem back to the existing cluster and this should help in a proper synchronization of the problem node database.

Attachments