Most of the tasks fail in Privileged Identity Manager.
search cancel

Most of the tasks fail in Privileged Identity Manager.

book

Article ID: 41690

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Most of the tasks submitted in the Privileged Identity Manager management console is failing. Example: create policy, assign policy, etc.

Environment

PIM Enterprise Management 12.8 and above

Cause

The tibco queues ac_server_to_server_local and queue/audit had over a combined 2 Million events.

The queue/audit was backed up due to UAR.

Resolution

We checked and purged the Tibco queues and tasks started to complete in Enterprise Manager. The queue ac_server_to_server_local was backed up and we provided fix B51S013 (bridges.conf) to stop the buildup.

ac_server_to_server_local queue backup: Fix # B51S013


This fix doesn't replace files just provides instructions on how to fix the issue.

 

PROBLEM RESOLUTION: Follow the instructions below:
1) Stop Message Queue service
a) "CA ControlMinder Message Queue" from services panel in Windows
b) Linux : /etc/init.d/ca-acrptmq stop

2) Please go to the below directories based on the type of Server and Operating System.
a) Windows :
{AccessControlServer_HOME}\MessageQueue\tibco\cfgmgmt\ems\data
b) Linux :
{AccessControlServer_HOME}/MessageQueue/tibco/cfgmgmt/ems/data
c) For Linux External DS:
{AccessControlDistServer_HOME}/ACMQ/tibco/cfgmgmt/ems/data
d) For other type of servers, similar hierarchy exists.
3) Open bridges.conf in simple editor, at the last line of file, you will find below text

queue=ac_server_to_server_local

4) Append the below text. Please note space before keyword 'selector'.
selector="AC_SOURCE_COMPONENT='DMS' AND AC_DESTINATION_COMPONENT='DH'"

After making changes , it should appear as below queue=ac_server_to_server_local selector="AC_SOURCE_COMPONENT='DMS' AND AC_DESTINATION_COMPONENT='DH'"

5) Start Message Queue service
a) "CA ControlMinder Message Queue" from services panel in Windows
b) Linux : /etc/init.d/ca-acrptmq start

6) Once Message Queue is started connect to 'Start EMS Administration Tool' and run 'purge queue ac_server_to_server_local' from the command line.

For Additional Distribution Server, Load Balancers, Disaster Recovery, nodes in High Availability machine where Tibco server is installed, above changes need to be made separately for each instance of server.

Powered by Wolken Software