SEOSD is consuming high CPU on servers with UNAB installed.

book

Article ID: 4517

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

We have seen issues with both PIM 12.8.1 and UNAB 12.8.1 where /opt/CA/uxauth/etc/wgrp.db becomes large and causes performance problems with seosd. This manifests as high CPU usage with seosd and our watchdog killing and restart seosd. 

Cause

This is caused by large /opt/CA/uxauth/etc/wgrp.db files of Windows AD groups. 

Environment

Privileged Identity Manager Endpoint 12.8.1 and UNAB Endpoint 12.8.1

Resolution

To see if excluding wgrp-related processing resolves the problem please do the following to disable use of /opt/CA/uxauth/etc/wgrp.db. 

1. Shut down UNAB using /opt/CA/uxauth/lbin/uxauthd.sh stop

2. Remove the Windows groups database file by renaming it;  mv  /opt/CA/uxauth/etc/wgrp.db  /opt/CA/uxauth/etc/wgrp.db-prev

3. Edit /opt/CA/uxauth/etc/uxauth.ini and set the tokens in the [agent] section

 use_wingrp=no

 wingrp_update_startup = 0

 wingrp_update_mode = 0

4. Start UNAB using /opt/CA/uxauth/lbin/uxauthd.sh start. 

Additional Information

Please note that disabling windows groups could cause login issues with your end users due to how you defined the login policy. If the polices are for users given direct login access over using a Windows group then users will be able to login. However, if you pushed a policy that allows users in a specific AD group to login to the server then you cannot use this workaround.