Would like to kindly verify with you the reasons for an effective policy not getting deployed on the host.
Could this be related to the existing issue of our PAMSC environment, which is having a lot of pending messages? I know every hour the agent's policyfetcher should be picking up any effective policy. The ENTM server shows the policy as pending.
C:\Users\Administrator>sepmd -L DMS__
CA Privileged Access Manager Server Control sepmd v14.10.0.1119 - Policy Model management
Copyright (c) 2018 CA. All rights reserved.
Initial offset: 0
Last offset: 946311444
Subscriber Errors Flag Offset Next command
========== ======= ====== ======= ============
Topic: ac_server_to_server_broadcast (DH) 0 946311444
Message queue subscriber: Topic: ac_server_to_server_broadcast (DH)
Last update time : Sat Nov 13 15:30:22 2021
Daily messages sent : 1858
Subscriber name Pending messages Status Last update time
=============== ================ ====== ================
[email protected] 21 synced Sat Nov 13 15:25:40 2021
[email protected] 29234 synced Wed Jun 23 15:24:20 2021
[email protected] 14 synced Sat Nov 13 15:25:39 2021
The cause is that the DH the endpoint connects to is not receiving updates from the DMS, as shown by its number of pending messages. Even when the status shows synced, the updated policies cannot be delivered to the DH through the ActiveMQ processes, so the DH expects that there are no additional updated policies. The number of pending messages should never stay above 100. If the ActiveMQ process is working, the DH service will grab all messages each time the count goes over 100.
Recycling the ActiveMQ service along with the seos endpoint agent services (secons -S) should resolve this issue. If the issue recurs, you may need to open a support ticket to evaluate why.
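The check described above can be scripted against saved `sepmd -L` output. This is an added example, not CA/Broadcom code: it flags subscribers whose pending count is over 100 regardless of the Status column and reports how far each lags behind the queue's own last update. It assumes subscriber names contain no whitespace and that timestamps use the format shown in the output above; the subscriber names in the sample are constructed placeholders.

```python
import re
from datetime import datetime

PENDING_LIMIT = 100  # threshold stated in the article
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
TS = r"\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4}"
# Assumed row layout: name, pending count, status, timestamp.
ROW = re.compile(rf"^\s*(\S+)\s+(\d+)\s+(\S+)\s+({TS})\s*$")
QUEUE_TS = re.compile(rf"^\s*Last update time\s*:\s*({TS})\s*$")

# Constructed sample; subscriber names are placeholders.
SAMPLE = """\
Message queue subscriber: Topic: ac_server_to_server_broadcast (DH)
Last update time : Sat Nov 13 15:30:22 2021
Daily messages sent : 1858
Subscriber name Pending messages Status Last update time
=============== ================ ====== ================
subscriber-a@host-a.example 21 synced Sat Nov 13 15:25:40 2021
subscriber-b@host-b.example 29234 synced Wed Jun 23 15:24:20 2021
subscriber-c@host-c.example 14 synced Sat Nov 13 15:25:39 2021
"""

def parse_subscribers(text):
    """Return (queue_last_update, rows) parsed from sepmd -L style output."""
    queue_ts, rows = None, []
    for line in text.splitlines():
        m = QUEUE_TS.match(line)
        if m:
            queue_ts = datetime.strptime(m.group(1), TS_FORMAT)
            continue
        m = ROW.match(line)
        if m:
            name, pending, status, ts = m.groups()
            rows.append({"name": name, "pending": int(pending), "status": status,
                         "last_update": datetime.strptime(ts, TS_FORMAT)})
    return queue_ts, rows

def backlogged(text, limit=PENDING_LIMIT):
    """Subscribers over the limit; the Status column is deliberately ignored."""
    queue_ts, rows = parse_subscribers(text)
    flagged = []
    for r in rows:
        if r["pending"] > limit:
            lag = (queue_ts - r["last_update"]).days if queue_ts else None
            flagged.append({**r, "lag_days": lag})
    return flagged

if __name__ == "__main__":
    for r in backlogged(SAMPLE):
        print(f"{r['name']}: {r['pending']} pending, status={r['status']}, "
              f"{r['lag_days']} days behind the queue")
```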