Are there any known issues running the Policy Servers or CA Directory(as session store) with VM Snapshot backups(quiescent) and are any recommendations?
search cancel

Are there any known issues running the Policy Servers or CA Directory(as session store) with VM Snapshot backups(quiescent) and are any recommendations?

book

Article ID: 242826

calendar_today

Updated On:

Products

CA Single Sign-On CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

SiteMinder/Session Store on VM - Failed to update persistent session in Session Services.

CA SiteMinder is configured with the session store and everything works as expected.

All the infrastructure is on VMs (Windows 2016).

The issue is intermittently the users reporting that they get kicked out during an active session while navigating within the SSO protected application and below message was observed in the logs and on further analysis It has been identified that at the same time VM snapshot process is going on.

Failed to update persistent session in Session Services

Are there any known issues running the Policy Servers or CA Directory(as session store) with VM Snapshot backups(quiescent) and are any recommendations?

Environment

- Policy server version: Applicable to all the fully supported releases/environment.
- Policy Store [Vendor/Version] CA Directory R14.2
- Session Store: CA Directory R14.2
- Session Store OS: Windows 2016 64-Bit

Resolution

Kindly note that It is NOT at all recommended to run VM snapshot or VMotion while the DSAs are online.

As the snapshot process may be placing a lock (or something of that sort) on the .db file, it is possible that information in transit or anything else can be affected. Also to consider, Symantec Directory DSAs uses memory mapped file (i.e. DXgrid) so that could also be playing a role when a snapshot at OS level is performed.

It is always recommended to stop the DSAs before taking any snapshot which helps to close the memory mapped file that the DSA is constantly using and it is more secure as well.

Kindly understand that Broadcom QA team does not test every possible scenario/option internally so If a user wants to disable the quiescence option within VMWare Snapshot process, then it is recommended to test thoroughly and see If that makes any difference. Also, kindly understand that support doesn't provide any assumptions/recommendations on the components which are out of CA/Broadcom support scope.

Again, It is NOT recommended to run VM snapshot or VMotion while the DSAs are online and It is always recommended to stop the DSAs before taking any snapshot which helps to close the memory mapped file that the DSA is constantly using and it is more secure as well.

Powered by Wolken Software