Siteminder Policy Server Crash Due to Misconfigured Buffer Tracing
search cancel

Siteminder Policy Server Crash Due to Misconfigured Buffer Tracing

book

Article ID: 267438

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

The Siteminder Policy Server 'smpolicysrv' process can encounter a race condition and crash unexpectedly under a rare misconfiguration involving a specific combination of settings.

 

 

Environment

PRODUCT: Symantec Siteminder

COMPONENT: Policy Server

VERSIONS: r12.8.4 - r12.8.7

Cause

The crash can occur when the "BufferTracing" setting is enabled and the Policy Server Profiling (Tracing) is disabled.

These settings can be configured in either the Siteminder Administrative Console (smconsole), or in the Policy Server registry

[smconsole]

[Siteminder Registry]

WINDOWS

a) Run 'regedit.exe'

b) Browse to the following registry hive:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig

c) The following keys control Policy Server profiler and Buffer  Tracing Settings:

BufferedTracing=               0x1;                                   REG_DWORD
InMemoryTraceConfig=     /opt/CA/siteminder/config/sminmemorytracedefault.txt;    REG_SZ
InMemoryTraceFilePath=  /opt/CA/siteminder/log/;    REG_SZ
InMemoryTraceSize=        0x64;                                 REG_DWORD
TraceRolloverOnStart=     0x1;                                   REG_DWORD
TraceRolloverSize=          0x19;                                  REG_DWORD

TraceConfig=                           ;                                  REG_SZ
TraceConfig1=             /opt/CA/siteminder/config/smtracedefault.txt;    REG_SZ
=========================================

1 (0x1) = Enabled

0 (0x0) = Disabled

Defining the path in the 'TraceConfig1' key Enables Policy Server Profiling (Tracing).

 

By default the Symantec Siteminder Policy Server ships with the following settings set by default:

BufferedTracing= 0x0 ;

TraceConfig1=            ;

(above) shows both the Policy Server tracing and Buffer Tracing disabled by default.  Enabling the Policy Server Profiler (tracing) does not automatically enable Buffer Tracing.  Using the smconsole, Buffer Tracing cannot be toggled on or off without first enabling Profiler tracing.  

This condition occurs when someone enables Profiling, then enabled Buffer Tracing, then disables Profiling and leaves Buffer Tracing enabled.  This can also occur by JUST enabling Buff Tracing in the 'sm.registry' without also enabling Tracing.

 

 

Resolution

 

Ensure that if the Policy Server Profiler (Tracing) is disabled, then Buffer Tracing is also disabled.

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig

BufferedTracing= 0x0;    REG_DWORD
TraceConfig1=           ;    REG_SZ
=========================================

SOLUTION:

Download and apply the patch which corresponds to the version of the Siteminder Policy Server you are running:

Patch for Buffer Tracing Crash

99111787    SiteMinder Solution for the Policy Server Crash due to Enabled Buffering r12.8.04
99111788    SiteMinder Solution for the Policy Server Crash due to Enabled Buffering r12.8.05
99111790    SiteMinder Solution for the Policy Server Crash due to Enabled Buffering r12.8.06a
99111789    SiteMinder Solution for the Policy Server Crash due to Enabled Buffering r12.8.07

See also the notification (See Addtional Information).  This also includes details of the problem and the solution.

 

Additional Information

Recommended SiteMinder Policy Server Patch to Avoid Crash

 

Powered by Wolken Software