Policy Server : CPU Spike : CleanServerCmds Error
Article ID: 52760
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We're running a Policy Server and we observe it is consuming high
CPU. I had to restart the service in order to solve the CPU spike.
From the Policy Server logs I noticed the following line :
[5279/46][Wed Jan 06 2010 08:44:04][SmPolicyServer.cpp:1095][ERROR]
Exception in JournalThread. Text: Policy store failed operation
'CleanServerCmds' for object type 'Policy store provider'. LDAP
Error Doing ServerCommand_Search: 85: Timed out
How can I solve this?
CPU. I had to restart the service in order to solve the CPU spike.
From the Policy Server logs I noticed the following line :
[5279/46][Wed Jan 06 2010 08:44:04][SmPolicyServer.cpp:1095][ERROR]
Exception in JournalThread. Text: Policy store failed operation
'CleanServerCmds' for object type 'Policy store provider'. LDAP
Error Doing ServerCommand_Search: 85: Timed out
How can I solve this?
Environment
Release: MSPPSF99000-12.51-Single Sign-On-Agent for Oracle PeopleSoft-MSP
Component:
Component:
Resolution
The problem you face is that the Policy Server reaches timeout by
searching object in class:
smservercommand4
because there are too much of such objects.
Running that command will give you the amount of stored objects:
ldapsearch -D "cn=Directory Manager" -w <password> -h <policystorehost> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 | grep dn: | wc -l
Then, running that command will give you the list of all of the DNs of
every Management Command object:
ldapsearch -D "cn=Directory Manager" -w <password> -h <host> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 smServerCommandOID4 \
| awk '/^smServerCommandOID4/ { print \
"smServerCommandOID4="$2",ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity" }'
Then, you will need to delete these with the following procedure:
- Stop all of the Policy Servers except one;
- Execute the delete command (on unix, by piping the above list
command into "ldapdelete"; on windows, capture the list of DN's into
a text file first);
- Restart the one Policy Server;
- Start all the remaining Policy Servers;
searching object in class:
smservercommand4
because there are too much of such objects.
Running that command will give you the amount of stored objects:
ldapsearch -D "cn=Directory Manager" -w <password> -h <policystorehost> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 | grep dn: | wc -l
Then, running that command will give you the list of all of the DNs of
every Management Command object:
ldapsearch -D "cn=Directory Manager" -w <password> -h <host> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 smServerCommandOID4 \
| awk '/^smServerCommandOID4/ { print \
"smServerCommandOID4="$2",ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity" }'
Then, you will need to delete these with the following procedure:
- Stop all of the Policy Servers except one;
- Execute the delete command (on unix, by piping the above list
command into "ldapdelete"; on windows, capture the list of DN's into
a text file first);
- Restart the one Policy Server;
- Start all the remaining Policy Servers;
Feedback
Yes
No
Powered by
