search cancel

DH stops synchronizing to the DMS


Article ID: 7072


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


In a large environment with several DS reporting to a central Enterprise Management (EM) server it has been observed that rules generated in the DMS are not sent to the DS. 

When running sepmd -L DMS__ some of the subscribers show up in unavailable status and no rules are updated 

The only workaround consists in unsubscribing all DS from the DMS and resubscribing them. Then this works for some time, and it fails after a while 


Release: ACP1M005900-12.7-Privileged Identity Manager


This particular issue may come from an incorrect sequence of startups for the different machines in the environment.

When ControlMinder is stopped in a DS server, the status in the Enterprise Management it subscribes to with "sepmd -L DMS__" shows as "Unavailable". 

If a subscriber is offline, sepmdd will put the subscriber on an unavailable list and it will not try to update the subscriber. However, sepmdd will check the status of the unavailable subscriber periodically.  Once it is available, the subscriber will be off the unavailable list and getting updates again.

If this is not happening, the problem  could be, the data grows too fast. Last offset updated for the unavailable DS may be too small as compared to the last offset of the other DS.  In this case sepmdd may take a while to go back to data file to lookup the last offset for that DS. 

Technically this should not be a problem but if occurring, this may be an issue we need to look up in Technical Support.



Other than resubscribing the DS to the central DMS, which may be time-consuming, make sure that the Enterprise Management server, which contains the DMS that the different DS are subscribed to, is restarted prior to the other components in the infrastructure