Customers may encounter the Risk Authentication service startup failures when the data in the ARRFTRUSTEDIPLIST grows big. The problem occurs when the count in the ARRFTRUSTEDIPLIST table contains large amount of data ( In this case it was 4 Million+), leading to service start-up failures. Below log lines are observed in the arcotriskfortstartup.log file.

Fri Jul 07 07:23:15.235 2023 LOW:     pid 12084 tid 12084: 2: 0: ArDBM::Executing Query[ArRFTrustedIPQuery_FetchAll]
Fri Jul 07 07:23:47.752 2023 LOW:     pid 12084 tid 12084: 2: 0: Releasing in primary, ctxtIndex=2
Fri Jul 07 07:23:47.752 2023 WARNING: pid 12084 tid 12084: 2: 0: ArDBM::Caught Unknown Exception in _DbOp!.
Fri Jul 07 07:23:47.752 2023 WARNING: pid 12084 tid 12084: 9: 0: TRUSTEDIP : ArRFCODBOps::getTrustedIPLists:Error occured while fetching untrusted ip list details. Unknown Exception in DBM::_DbOp!.
Fri Jul 07 07:23:47.752 2023 LOW:     pid 12084 tid 12084: 9: 0: TRUSTEDIP : Exiting ArRFCODBOps::getTrustedIPLists
Fri Jul 07 07:23:50.996 2023 LOW:     pid 12084 tid 12084: 9: 0: TRUSTEDIP : Destroying old TrustedIPList cache
Fri Jul 07 07:23:50.996 2023 LOW:     pid 12084 tid 12084: 9: 0: TRUSTEDIP : Old TrustedIPList cache destroyed

Release : 9.1

CA Risk Authentication

ARRFTRUSTEDIPLIST table contains large amount of data exceeding the count limit to 4 Million+. The process is unable to load the trusted IPs into the cache when the number of rows in the ARRFTRUSTEDIPLIST table reaches a certain limit. This limit is likely to rely on the size of the RAM as the product relies on contiguous memory allocation in the Risk Auth machine for loading the IP's in cache.

To address the problem, we can eliminate the outdated entries from the table. Presently, the product is configured to retain the version numbers for all the historically added records in the Trusted IP list. For instance, if we initially upload 100 IP addresses to the Trusted IP list, and subsequently add 10 more IP addresses, the version number will increment to 2. This version will encompass 110 records, while the total count in the ARRFTRUSTEDIPLIST table will be 210. Therefore, it is advisable to delete the outdated records from the table. The instructions for doing so are provided below.

• The data can be deleted from the ARRFTRUSTEDIPLIST and ARRFUNTRUSTEDIPLIST table using the below query:

  • DELETE FROM ARRFTRUSTEDIPLIST  WHERE versionnumber IN (  SELECT DISTINCT dataversion FROM ARRFSYSORGCONFIG  WHERE orgname = '<Specify-the-orgname>' AND configname = '<RuleSetName>' AND configType = 'TRUSTEDIP' AND dtcreated < TRUNC(SYSDATE-730));

  •         DELETE FROM ARRFUNTRUSTEDIPLIST  WHERE versionnumber IN (  SELECT DISTINCT dataversion FROM ARRFSYSORGCONFIG  WHERE orgname =<Specify-the-orgname>' AND configname = '<RuleSetName>' AND configType = 'UNTRUSTEDIP' AND dtcreated < TRUNC(SYSDATE-730));
• Once the changes are done Risk Authentication service needs a restart.
• Verify the arcotriskfortstartup.log file and make sure that the services started fine and then the application login verification can be done.