Policy Server : CPU Spike : CleanServerCmds Error
search cancel

Policy Server : CPU Spike : CleanServerCmds Error


Article ID: 52760


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



When running a Policy Server it can be observed that the Policy Server
is consuming high CPU. A restart of the Policy Server might be needed
in order to solve the CPU spike.

From the Policy Server logs it can be noticed the following line :

  [5279/46][Wed Jan 06 2010 08:44:04][SmPolicyServer.cpp:1095][ERROR]
  Exception in JournalThread. Text: Policy store failed operation
  'CleanServerCmds' for object type 'Policy store provider'. LDAP
  Error Doing ServerCommand_Search: 85: Timed out



Policy Server 12.8SP5 on RedHat 7;




The problem faced is that the Policy Server reaches timeout by
searching object in class:


because there are too much of such objects in the Policy Store.




Running that command will give you the amount of stored objects:

  # ldapsearch -D "cn=Directory Manager" -w <password> -h <policystorehost> -p <port> \
    -b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
    objectclass=smservercommand4 | grep dn: | wc -l

Then, running that command will give you the list of all of the DNs of
every Management Command object:

  # ldapsearch -D "cn=Directory Manager" -w <password> -h <host> -p <port> \
    -b ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity \
    objectclass=smservercommand4 smServerCommandOID4 \
    | awk '/^smServerCommandOID4/ { print \
    "smServerCommandOID4="$2",ou=PolicySvr4,ou=siteminder,ou=netegrity,o=netegrity" }'

Finally, you will need to delete these with the following procedure:

  - Stop all of the Policy Servers except one;

  - Execute the delete command (on unix, by piping the above list
    command into "ldapdelete"; on windows, capture the list of DN's into
    a text file first);

  - Restart the one Policy Server;
  - Start all the remaining Policy Servers;