We have seen issues with both PIM 12.8.1 and UNAB 12.8.1 where /opt/CA/uxauth/etc/wgrp.db becomes large and causes performance problems with seosd. This manifests as high CPU usage with seosd and our watchdog killing and restart seosd.
This is caused by large /opt/CA/uxauth/etc/wgrp.db files of Windows AD groups.
Privileged Identity Manager Endpoint 12.8.1 and UNAB Endpoint 12.8.1
To see if excluding wgrp-related processing resolves the problem please do the following to disable use of /opt/CA/uxauth/etc/wgrp.db.
1. Shut down UNAB using /opt/CA/uxauth/lbin/uxauthd.sh stop
2. Remove the Windows groups database file by renaming it; mv /opt/CA/uxauth/etc/wgrp.db /opt/CA/uxauth/etc/wgrp.db-prev
3. Edit /opt/CA/uxauth/etc/uxauth.ini and set the tokens in the [agent] section
wingrp_update_startup = 0
wingrp_update_mode = 0
4. Start UNAB using /opt/CA/uxauth/lbin/uxauthd.sh start.
Please note that disabling windows groups could cause login issues with your end users due to how you defined the login policy. If the polices are for users given direct login access over using a Windows group then users will be able to login. However, if you pushed a policy that allows users in a specific AD group to login to the server then you cannot use this workaround.