search cancel

VIP Enterprise Gateway LDAP Sync Hangs While Starting | Java Heap Space Error

book

Article ID: 175498

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

After a server reboot, or while manually starting the LDAP Sync service from the EG Console, the Symantec Ldap DirSync Service process is stuck in a starting state.

A log entry similar to the following appears in the service.out log for User Store Sync.

INFO   | jvm 1    |  Exception in thread "Thread-5" java.lang.OutOfMemoryError: 

or 

INFO   | jvm 1    |  Could not reserve enough space for 2048000KB object heapJava heap space

Cause

There are 3 different LDAP services

  • Symantec Ldap Sync Service - LDAP synchronization simulation 
  • Symantec Ldap DirSync Service - Scheduled LDAP synchronization jobs. When enabled in the VIP EG console settings, the Windows service Startup Type = Automatic, Status = Running. When stopped from the console, the service is stopped and Startup Type = Manual
  • Symantec Ldap RunOnce Service  - One-time LDAP synchronization when 'Synchronize Now' is selected.

Each service relies on a JVM initialized by the VIP EG to start the service. If Java cannot allocate enough contiguous memory required by the JVM heap, the error will occur:

STATUS | wrapper  | 2020/08/15 02:19:08 | Launching a JVM...
INFO   | jvm 1    | 2020/08/15 02:19:09 | Error occurred during initialization of VM
INFO   | jvm 1    | 2020/08/15 02:19:09 | Could not reserve enough space for 1431552KB object heap

 

Resolution

This issue is resolved in VIP Enterprise Gateway 9.10. If unable to upgrade, follow these steps:

Is your VIP Enterprise Gateway server hosted on a VMWare\ESX virtual machine? The ESX host could be reallocating memory when the service stops and prevent it from restarting. Allocating additional memory and disabling memory sharing in the VM settings may help. Most of the time, a system reboot will resolve the issue. If not, follow these steps:

  1. Open the Windows Services console and stop all Symantec LDAP services. If any are stuck at 'starting', set the service to disabled and wait a minute for the service to stop. Refresh to confirm. 
  2. Set the Symantec Ldap DirSync Service to Automatic, then set any other Symantec LDAP services to manual. Do not start the services.
  3. Launch notepad.exe with admin privilege, then open \VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\ldapsync.conf
  4. Locate and edit the ldapsync.mode value to service (example: ldapsync.mode = service)
  5. Locate and edit the ldapsync.protection value to false (example: ldapsync.protection = false)
  6. Save the file and restart the server. The LDAP sync services should show as running in the VIP EG console and Windows Services. 

Alternatively, you can attempt to adjust the Java heap size higher or lower. Prior to making any adjustments, disable VM memory sharing and if possible, allocate additional memory to the machine before proceeding:

For the error java.lang.OutOfMemoryError: Java heap space -- gradually increase the heap size to no more than 4GB. 

For the error Could not reserve enough space for xxxxxxxxKB object heap -- gradually decrease the heap size (i.e., 1100).

Windows:

The Java heap size can be modified by changing the value of wrapper.java.maxmemory in the following file:

<VIP_EG_INSTALL_DIR>\Symantec\VIP_Enterprise_Gateway\LdapSync\Services\ldapSync\conf\wrapper2.conf

Follow steps 1-6 above to restart the Symantec VIP Enterprise Gateway server and LDAP service. 

 

Linux:

The Java heap size can be modified in Linux be increasing the value in the below location:

<VIP_EG_INSTALL_DIR>/ldapSync/bin

Edit the portion in RED 

if [ -s "services/ldapSync/conf/ldapsync.conf" ]; then

  cd $MSAS_HOME/bin

  export CMD="${JAVA_HOME.EN_US}/bin/java -Xms32m -Xmx3g -XX:+UseG1GC -Duser.language=en -Duser.region=US -Duser.country=US -Dcom.sun.jndi.ldap.connect.pool.timeout=1800000 -DVRSN_MAUTH_HOME=$MSAS_HOME/.. com.verisign.ldapSync.scheduler.LDAPSyncScheduler --config-file"

  export CFG="${MSAS_HOME.EN_US}/services/ldapSync/conf/ldapsync.conf"

else

  echo "ERROR: directory ${MSAS_HOME.EN_US}/services/ldapSync/conf does not contain a known configuration file!"

  exit -1

fi

After making this change, restart the VIP Enterprise Gateway Server.

Attachments