Policy Server : CPU Spike : CleanServerCmds Error


Article ID: 52760


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We're running a Policy Server and we observe it is consuming high
CPU. I had to restart the service in order to solve the CPU spike.

From the Policy Server logs I noticed the following line :

  [5279/46][Wed Jan 06 2010 08:44:04][SmPolicyServer.cpp:1095][ERROR]
  Exception in JournalThread. Text: Policy store failed operation
  'CleanServerCmds' for object type 'Policy store provider'. LDAP
  Error Doing ServerCommand_Search: 85: Timed out

How can I solve this?


Release: MSPPSF99000-12.51-Single Sign-On-Agent for Oracle PeopleSoft-MSP


The problem you face is that the Policy Server reaches timeout by
searching object in class:


because there are too much of such objects.

Running that command will give you the amount of stored objects:

ldapsearch -D "cn=Directory Manager" -w <password> -h <policystorehost> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 | grep dn: | wc -l

Then, running that command will give you the list of all of the DNs of
every Management Command object:

ldapsearch -D "cn=Directory Manager" -w <password> -h <host> -p <port> \
-b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
objectclass=smservercommand4 smServerCommandOID4 \
| awk '/^smServerCommandOID4/ { print \
"smServerCommandOID4="$2",ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity" }'

Then, you will need to delete these with the following procedure:

- Stop all of the Policy Servers except one;

- Execute the delete command (on unix, by piping the above list
  command into "ldapdelete"; on windows, capture the list of DN's into
  a text file first);

- Restart the one Policy Server;
- Start all the remaining Policy Servers;