
Frequent "Successfully connected to the Distribution Server" messages in endpoint UNAB agent logs


Article ID: 254058


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

After installing the new uxauth-1410.40-137.x86_64, the agent logs are full of messages indicating a connection to the Distribution Server.

These messages repeat every 3 minutes. For instance:

Nov  7 07:19:20 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:22:23 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:25:27 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:30:09 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616

Should these messages be of concern, and could they be a source of excessive connections to the Distribution Server?

Environment

CA PAM SC 14.X

Cause

The UNAB parameter file, uxauth.ini, has a setting, message_read_interval = 183, which controls how often (in seconds) the UNAB endpoint connects to the Distribution Server to check for policy updates.

The messages are most likely there because ds_interaction_mode = 2 (the default) in uxauth.ini, which means that UNAB connects to the DS (and disconnects afterwards) as dictated by other settings; here, that is every 3 minutes as per the message_read_interval setting.

ACMQ logs that message at LOG_INFO level during connection establishment.   

So this mechanism actually saves connections on the DS side by not holding a connection for the whole time UNAB is up. In the old mechanism, ds_interaction_mode was 1, which meant that the UNAB agent was permanently connected to the DS.

From the point of view of DMS/DH, if there are no new policies and no new policy-related updates, ENTM (DMS__) itself will not be overloaded, as it has nothing to do at that moment. There is no close interaction between ENTM and UNAB; all communication is done through ActiveMQ.

DMS__ is working during HEARTBEAT operation, or when it gets DEPLOYMENT status from UNAB (through ActiveMQ messages). If something goes wrong in UNAB and it starts sending messages again and again, DMS__ may become overloaded, but that does not necessarily have anything to do with the connection itself.

On the other hand, endpoints connect to the DS (ActiveMQ, not DH or DMS) for about 1 second to receive whatever message is being sent and then disconnect, by default every 3 minutes, so the likelihood that many endpoints try to connect during that exact 1-second period is low.

Assuming connections are distributed uniformly in time, if one has X EPs and X * 1 / 180 > 1, simultaneous connections will occur, but the server side is written to handle them, or at least a reasonable overlap of them, so there should be no problem.

With a huge number of EPs, it may make sense to increase the message_read_interval setting, say to 900, i.e., once every 15 minutes or so.
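
To tell the normal 3-minute cadence from an agent that reconnects again and again, the connect messages can be checked against message_read_interval. The script below is an added example, not Broadcom code: the function names, the "ep2" log lines, the assumed year and the 0.5 threshold factor are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+uxauthd\[\d+\]:\s+"
                  r"Successfully connected to the Distribution Server")

# The "fakename" lines are the article's sample; the "ep2" lines are constructed
# to show an agent reconnecting far more often than message_read_interval.
SAMPLE = """\
Nov  7 07:19:20 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:22:23 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:25:27 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:30:09 fakename uxauthd[90782]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:19:00 ep2 uxauthd[1234]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:19:05 ep2 uxauthd[1234]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
Nov  7 07:19:10 ep2 uxauthd[1234]: Successfully connected to the Distribution Server ssl://fakename.broadcom.net:61616
"""

def connect_intervals(text, year=2024):
    """Return {host: [seconds between consecutive connect messages]}.
    Syslog timestamps carry no year, so one is assumed."""
    times = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the "Nov  7" padding
            times[m.group(2)].append(
                datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    return {h: [int((b - a).total_seconds()) for a, b in zip(sorted(t), sorted(t)[1:])]
            for h, t in times.items()}

def noisy_hosts(text, read_interval=183, factor=0.5):
    """Hosts with any gap shorter than factor * message_read_interval."""
    limit = read_interval * factor
    return sorted(h for h, gaps in connect_intervals(text).items()
                  if any(g < limit for g in gaps))

def expected_concurrent(endpoints, read_interval=180, hold_seconds=1.0):
    """The article's X * 1 / 180 estimate: average simultaneous DS connections."""
    return endpoints * hold_seconds / read_interval

if __name__ == "__main__":
    print(connect_intervals(SAMPLE))   # gaps per host, in seconds
    print(noisy_hosts(SAMPLE))         # hosts reconnecting too often
    print(expected_concurrent(1000), expected_concurrent(1000, 900))
```

Gaps at or above the configured interval, as on the article's host, match the normal ds_interaction_mode = 2 behaviour; only gaps well below it point at an agent that is misbehaving.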

Resolution

No action needs to be taken. The message is normal, unless it is proven that simultaneous connections are causing issues.