Identity Manager - User Certifications Hung.

book

Article ID: 3982

calendar_today

Updated On:

Products

DIRECTORY CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On SECURITY MISC CODES SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

When submitting a number of User Certifications, some do not complete and remain in a hung state. It is possible for Certifications to complete that were started after the hung certifications. So the problem is random.

Errors:

DEBUG [ims.tmt.events] CertifyRoleEvent IMSEvent.setAttribute next_state:invalid >> null
org.jboss.util.NestedSQLException: No ManagedConnections available within
configured blocking timeout (5000 [ms]); - nested throwable:

Cause

Having "User Sync" and "Account Sync" set on every event for the Certification task can cause this problem.

Environment

Release:
Component: IDMGR

Resolution

To resolve this issue:

Switch it to "On Task Completion" for both the User Sync and the Account Sync.
This will speed up the certification process and prevent the certifications from hanging.

To release the hung certifications:

The hung certification process is most likely due to the blocking timeout value that is currently set.

Example Errors:

DEBUG [ims.tmt.events] CertifyRoleEvent IMSEvent.setAttribute next_state:invalid >> null
ERROR [ims.tmt.events] Failed to get task session org.jboss.util.NestedSQLException:
No ManagedConnections available within configured blocking timeout ( 5000 [ms] ); - nested throwable:

Modify this timeout value in the Task Persistence Config File.

<blocking-timeout-millis>5000</blocking-timeout-millis>

Bump up this value and re-test. (Start by raising the value to 8000).

The file to modify is here:

<Jboss>\server\default\deploy\imtaskpersistencedb-ds.xml

If you do not have a test environment in which to test, the tasks would need to be rerun.
We also recommend running the Task Persistence clean up script:
C:\Program Files\CA\IAM Suite\Identity Manager\tools\db\taskpersistence

There is a SQL query that needs to be run.

It is a two part process:

First there is a script to mark the completed tasks (which can be edited to mark pending tasks as well).
Then there is a SQL procedure to run (to delete the pending and completed tasks).