search cancel

Are there any known issues running the Policy Servers or CA Directory(as session store) with VM Snapshot backups(quiescent) and are any recommendations?

book

Article ID: 242826

calendar_today

Updated On:

Products

CA Single Sign-On CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

SiteMinder/Session Store on VM - Failed to update persistent session in Session Services.

We have the SiteMinder configured with the session store and everything works as expected.
All our infrastructure is on VMs (Windows 2016).
The issue is intermittently we have users reporting that they get kicked out during an active session while navigating within the SSO protected application and based on review of the logs, we see the below message and on further analysis we noticed that at the same time VM snapshot process is going on.

Failed to update persistent session in Session Services

Are there any known issues running the Policy Servers or CA Directory(as session store) with VM Snapshot backups(quiescent) and are any recommendations?

Environment

- Policy server version: 12.8 SP6
- Policy Store [Vendor/Version] CA Directory R14.2
- Session Store: CA Directory R14.2
- Session Store OS: Windows 2016 64-Bit

Resolution

Kindly note that It is NOT at all recommended to run VM snapshot or VMotion while the DSAs are online.

As the snapshot process may be placing a lock (or something of that sort) on the .db file, it is possible that information in transit or anything else can be affected. Also to consider, Symantec Directory DSAs uses memory mapped file (i.e. DXgrid) so that could also be playing a role when a snapshot at OS level is performed.

It is always recommended to stop the DSAs before taking any snapshot which helps you to close the memory mapped file that the DSA is constantly using and it is more secure as well.

Kindly understand that we don't test every possible scenario/option at our end so If you want to disable the quiescence option within VMWare Snapshot process, then kindly test at your end and see If that makes any difference. Also, kindly understand that we don't provide any assumptions/recommendations on the components which are out of CA/Broadcom support scope.

Again, It is NOT recommended to run VM snapshot or VMotion while the DSAs are online and we highly recommend customers to stop the DSAs before taking any snapshot which helps you to close the memory mapped file that the DSA is constantly using and it is more secure as well.