PAMSC / OnePAM -- login integration is not working when one distribution (Utility) server is down
search cancel

PAMSC / OnePAM -- login integration is not working when one distribution (Utility) server is down

book

Article ID: 233992

calendar_today

Updated On: 10-19-2023

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

We found that even though 2 distribution servers were define when one is down the login integration fails

Environment

Release : 3.x 4.x

Component :

Cause

There are several configuration options that limit the ability of the PUPM endpoint to failover to additional distribution servers

Resolution

Using a simple method of removing one utility server (or distribution server) at a time and flip-flopping between the 2 utility servers defined I can confirm that when the PUPM agent is configured appropriately  It can go back and forth between the defined ActiveMQ servers. Using the configuration settings below in the /etc/accomon.ini will allow for failover

 

04-Feb-2022 18:01:41: [ACMQ INFORMATION]: ACMQ_Init [448]: Connecting to Server URL = failover:(ssl://xxx.xxx.xxx.yyy:61616,ssl://xxx.xxx.xxx.zzz:61616)?maxReconnectAttempts=5.

04-Feb-2022 18:01:41: [ACMQ INFORMATION]: ACMQ_Init [579]: Successfully connected to the Distribution Server ssl://xxx.xxx.xxx.yyy:61616,ssl://xxx.xxx.xxx.zzz:61616 with user = +reportagent

04-Feb-2022 18:01:41: [ACMQ INFORMATION]: ACMQ_Init [448]: Connecting to Server URL = failover:(ssl://xxx.xxx.xxx.yyy:61616,ssl://xxx.xxx.xxx.zzz:61616)?maxReconnectAttempts=5.

04-Feb-2022 18:01:41: StartServerCommunicationQueue> OK, QueueName = 'ac_server_to_endpoint', Filter = 'AC_DESTINATION_COMPONENT='PUPM' AND (DESTINATION_ACID='e4d63eb0-1580-0001-b217-515fca000000' OR (DESTINATION_ACID='PAM_ENDP_INTEGR' AND (DESTINATION_HOST='xxxxxx' OR DESTINATION_HOST='XXXXXX' OR DESTINATION_HOST='xxxxxx.bpc' OR DESTINATION_HOST='XXXXXX.BPC' OR DESTINATION_HOST='xxx.xxx.xxx.yyy')))'

04-Feb-2022 18:01:41: [ACMQ INFORMATION]: ACMQ_Init [579]: Successfully connected to the Distribution Server ssl://xxx.xxx.xxx.yyy:61616,ssl://xxx.xxx.xxx.zzz:61616 with user = +reportagent

 

 

 

[PupmAgent]

 


; Defines the plugin Scheduling type

; Values: 0 - Execute once

;         1 - Execute on demand

;         2 - Execute every N seconds

;         3 - Execute by schedular string e.g. 00:00@Sun,Mon,Tue,Wed,Thu,Fri,Sat

; Default value = 1 (Execute on demand)

ScheduleType = 1

 


; Specifies whether to send registration message to server on Agent startup.

; Values: 0 - Pupm Agent will not send registration message to server.

;         1 - Pupm Agent will send registration message to server.

; Default value = 1

AutoRegister = 1

 

 

 

[communication]

 


; Defines the URL of the Distribution Server (DS). Define multiple

; DSs using a comma-separated list of URLs.

; Example: ssl://10.0.0.1:61616 - for SSL connection

; Example: tcp://dist_example.com:7222 - for non SSL connection

; Example: tcp://ds.example.com:7222,tcp://ds_dr.example.com:7222 - for multiple DSs

; Default: "none"

 


Distribution_Server = ssl://xxx.xxx.xxx.yyy:61616,ssl://xxx.xxx.xxx.zzz:61616

Powered by Wolken Software