Policy server hangs and crashes with very high memory and CPU utilization.


Article ID: 51648


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



If an underlying ODBC data store returns huge amount of data (e.g.- configured response attribute returns huge data from underlying odbc user store) then Policy server may hang/crash while trying to fetch the larger number of records from underlying ODBC database.
This would result in very high CPU utilization and memory utilization.


IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create back up of the registry and ensure that you understand how to restore the registry if a problem may occur.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

In order to restrict the number of records fetched from underlying ODBC data store, a new registry key "MaxResults" is introduced to just read the defined number of records from record set and stop fetching excessive data from the DB. The number of records fetched from database is controlled by this registry key.

When this registry key is set, in addition to restricting the number of records fetched from underlying ODBC store a warning message is also logged in the policy server SMPS log when the size of a configured response data is larger than a defined size limit.

This message will alert the user to the fact that they might be returning an invalid amount of data for a request. They can then review the results and determine where they wish to raise the limit if applicable or to change the statement that returned the value.

The registry has to be manually added in the following registry location:- \SiteMinder\CurrentVersion\Ds\ODBCProvider\MaxResults
Note:- The key ODBCProvider doesn't exist by default, the key has to be added manually and the registry key should be created in it.

When the registry key is set to a value greater than 0, a warning message will appear in the SMPS logs if the total number of attributes fetched from the ODBC user directory is greater than the value of registry key.

If the registry is not set or set to zero, no warning message will appear in the policy server SMPS logs irrespective of the number of attributes fetched from the ODBC database.

For example, registry can be added at
MaxResults = 2

==== Message in SMPS log=====
[3856/3728][Mon Aug 03 2009 16:16:51][SmDsOdbcProvider.cpp:837][INFO] Warning: The number of results (8) returned by the Query 'Select Name, 'Group' as Class from SmGroup order by Name' exceeded the maximum allowed value of (2)


Component: SMPLC