CA Access Control database check with search for positive results. Written specifically for Single Sign-On.
search cancel

CA Access Control database check with search for positive results. Written specifically for Single Sign-On.

book

Article ID: 50782

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

It is suggested to check the AC database for problems rather than rebuilding them regularly. This is suggested because although a rebuild is a good thing, other outside factors can cause serious problems if something disrupts the rebuild process. Some things which could happen are:

  • System Crash
  • System maintenance
  • AC Service was not stopped prior to the rebuild.
  • AC Service started while rebuild is running
    • AC Watchdog Services restarted AC while the rebuild was running
    • SSO Watchdog started SSO and AC services while the rebuild is running.
    • System utility restarts services automatically if they are down.

Solution:

Please see the below commands which might be used to create an AC database check script.

Note: These are only example commands to run an AC DB check and verify the success/failure of the check. You or your Services team will need to be responsible for creating the script and ensuring it works properly.

mkdir C:\ACCheck
cd c:\ACCheck
dbmgr -backup .
dbmgr -u -all seos_odf.dat | find "succ" > ACCheck.log
dbmgr -u -all seos_cdf.dat | find "succ" >> ACCheck.log
dbmgr -u -all seos_pdf.dat | find "succ" >> ACCheck.log
dbmgr -u -all seos_pvf.dat | find "succ" >> ACCheck.log

So in the example above the ACCheck.log will show 8 lines of success messages like below if the AC DB was ok.

Index Check Completed succ = four times
Free Index Check Completed succ = four times

If there are less than 8 lines someone should look into the AC DB Consistency or run a full AC database index rebuild.

If you think it might be inconsistent then run the whole check process again and ensure that they are consistent results.

If you need to rebuild the AC database indexes move onto the steps below;

  • Shutdown the SSO services (SSO Server and SSO Watchdog)
    • This is to ensure the AC services will stay shutdown during the rebuild
  • Shutdown the AC Services
    • Use the secons -s command from a command line
  • Shutdown or disable any monitoring services that would automatically detect an automatic service and start it if it is stopped.
  • Backup the AC Database (seosdb) directory (dbmgr -backup <foldername>)
  • cd to \CA\ACINSTALLDIR\data\seosdb
  • Run the actual index rebuild on the AC database files in the seosdb folder.

Commands are;

dbmgr -u -build seos_odf.dat
dbmgr -u -build seos_cdf.dat
dbmgr -u -build seos_pdf.dat
dbmgr -u -build seos_pvf.dat

Check the output for success.

Note: you may see deleted records noted in the live AC database index rebuild which is normal.

  • Start up AC services
    • Use the seosd -start command from a command line
  • Start up SSO services (SSO server and Watchdog)
  • Startup any monitoring processes that you have installed.

As Always, If you have any questions or concerns with the technical information provided in this document, please contact CA Support.

Environment

Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs
Component:
Powered by Wolken Software