search cancel

Configuring a Distribution Server (DS) to point to an ENTM server does not work

book

Article ID: 254214

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Trying to configure a Distribution server (DS) to point to an Enterprise Management (ENTM), the DS is not showing in the list of subscribers under the ENTM.

For the sake of simplicity let's assume we are installing the DS in machine machineB, whereas the ENTM is in machineA. This is the result of the commands for checking configuration

In machineA (server) :

C:\Users\Administrator>sepmd -L DMS__
CA ControlMinder sepmd v12.91.0302 - Policy Model management
Copyright (c) 2013 CA. All rights reserved.

Initial offset:      0
Last offset:         15902688

Subscriber                             Errors    Flag     Offset   Next command
==========                             =======   ======   =======  ============
Topic: ac_server_to_server_broadcast (DH)       0                 15902688

Message queue subscriber: Topic: ac_server_to_server_broadcast (DH)
Last update time        : Wed Nov 09 15:45:01 2022
Daily messages sent     : 4

Subscriber name                Pending messages       Status          Last update time
===============                ================       ======          ================
[email protected]                  0                      synced          Wed Nov 09 15:44:55 2022


In machineB:

E:\Program Files\CA\AccessControlDistServer\APMS\AccessControl\Data\DH__>sepmd -L DH__WRITER
CA ControlMinder sepmd v12.91.0302 - Gestione modello di criterio
Copyright (c) 2013 CA. All rights reserved.

Offset iniziale:      0
Ultimo offset:         38704

Sottoscrittore                             Errori    Flag     Offset   Comando successivo
==========                             =======   ======   =======  ============
Queue: ac_server_to_server (DMS)        0                 38704

 

However, the Tibco configuration is correct and the right queues are created both for the ENTM and DS machines. Ports 7243 or 7222 are equally open.

Issue persists even after attempting to resubscribe the DS to the DMS, and even after explicitly pointing the DH__ and DH__WRITER of the DS server to the DMS in the ENTM

In the endpoint_management.log log file under the DH__ folder in the DS machine, the following error messages appear

11/10/[email protected]:09:27      ACMQ COMPONENT(0x1228):    [TIBCO ERROR]: tibemsMsgConsumer_Receive failed on line: 1214 with error: 1; additional info: Server = ssl://localhost:7243; Topic = (null); timeout = 0
11/10/[email protected]:09:27      ACMQ COMPONENT(0x1228):    [TIBCO ERROR]: TIBCO error string: '2022-11-10 11:09:27: Consumer is closed.'
11/10/[email protected]:09:27      ACMQ COMPONENT(0x1228):    [TIBCO ERROR]: TIBCO error stack trace:
_tibemsMsgConsumer_receiveInternal
_tibemsMsgConsumer_receive
tibemsMsgConsumer_Receive

 

 

 

Environment

CA PIM 12.8.X, 12.9.X and 14.X (also PAM SC 14.X)

OS: Windows but likely also applicable to Linux and Unix

Cause

This is due to PIM blocking access to configuration during the setup in the ENTM.

Looking for error messages in PIM logs, messages similar to the following can be found

09 Nov 2022 15:39:18 D FILE         NT AUTHORITY\SYSTEM Read, Write   69  2 E:\Program Files\CA\AccessControlServer\Connector Server\data\system\master.db E:\java\jdk1.8.0\bin\java.exe  NT AUTHORITY\SYSTEM (OS user)   

Resolution

Setting the FILE class in WARNING mode or explicitly authorizing the user who is performing the installation to access the files under <PIM_server_base_dir>\AccessControlServer\Connector Server\data\ and reinstalling the DS will allow this problem to be overcome.