search cancel

SiteMinder Policy Server inserting Audit Information in both Primary and Secondary database.

book

Article ID: 53844

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

We have two policy servers and we have configured an ODBC failover for two different databases used as audit store, but we have rows in the two databases, there are even more rows in the second database.

Could you help us to find out what is wrong in this configuration?

 

Environment

Release:
Component: SMPLC

Cause

Cause:
SiteMinder Support has validated customer's configuration and the fail over configuration is good, however the Policy Server is having issues when it tries to insert audit information into the audit store.

Snippet of SiteMinder Policy Server log:

<- Begin
 
[2536/5312][Fri Apr 17 08:46:49][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:49][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:49][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:50][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:50][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:50][ERROR] Exception occurred while executing audit log insert
[2536/5312][Fri Apr 17 08:46:50][ERROR] Exception occurred while executing audit log insert
 
-> End

Policy Server is failing over to the second database due to high number of audit exceptions.

Audit exception means that the Policy Server was unable to insert audit information into the Audit Store, there are several reasons for this issue and they have been documented in the KB article (KD477999) "Exception occurred while preparing audit log bulk insert in SiteMinder Policy Server".

Resolution

Solution:

To fix this problem, customer has to eliminate the audit exceptions otherwise the policy server will attempt to insert audit information in the second database.

As a work around you can ask your Oracle DBA to move the information manually from the secondary audit database to the primary using either export/import utilities or via db link.