Release NotesKnown IssuesGeneral Known Issues › Server Components Known Issues

Previous Topic: PUPM Known Issues

Next Topic: Documentation Known Issues

Server Components Known Issues

This section describes known issues for CA Access Control server components (CA Access Control Endpoint Management, CA Access Control Enterprise Management, and Enterprise Reporting).

Out of Memory Error:GC Overhead Limit Exceeded

Valid on UNIX

The following error message appear in the JBoss server log if the system or garbage collection settings are not properly configured:

"java.lang.OutOfMemoryError: GC overhead limit exceeded"

To solve this issue, do the following:

  1. Stop the JBoss application server.
  2. Navigate to the following directory, where JBOSS_HOME indicates the location where you installed JBoss: 
    JBOSS_HOME\bin
  3. Edit the run_idm.bat file.
  4. Locate the JAVA_OPTS variable and add the following arguments: 
    " -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseConcMarkSweepGC %JAVA_OPTS%"
  5. Save the file and exit.
  6. Start the JBoss application server.

Example: the JAVA_OPTS variable

The following example shows the JAVA_OPTS variable after you added the new arguments:

set JAVA_OPTS=-Djava.security.policy=.\workpoint_client.policy -Xms512m -Xmx1024m -XX:MaxPermSize=256m -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseConcMarkSweepGC %JAVA_OPTS%
Default Request Approver Not Configured

Valid on SunOne

If you use SunOne user directory, you need to configure the default request approver. You define the default request approver that all privileged account passwords requests are submitted to.

To configure the default request approver, do the following:

  1. Log in to CA Access Control Enterprise Management as a System Manager.
  2. Select Users and Groups, Tasks, Modify Admin Task.

    The Modify Admin Task: Search Admin Task window opens.

  3. Enter Privileged Account Request in the Name field, then click Search.

    CA Access Control Enterprise Management displays the results that match the search criteria.

  4. Select the Privileged Account Request and click Select.

    The Modify Admin Task: Privileged Account Request window opens.

  5. Navigate to the Events tab and select the workflow process

    The Workflow Process screen opens.

  6. In the Default Approver section, select Add Users.

    The Select User screen opens.

  7. Enter the name of the user you want to assign as a default approver and select Search.

    CA Access Control Enterprise Management displays the results according to the search criteria.

  8. Click Select.

    The user you selected is added as a default request approver.

  9. Click OK to exit.

Note: The default request approver you defined does not apply to users that you created before you installed the Enterprise Management Server. The default request approver for users that previously existed in the user directory is superamdin.

"No Managed Connections Available Within Configured Blocking Timeout" Error Message When Running Batch Operations

"Managed Connections Available Within Configured Blocking Timeout" error message received when you run batch tasks. For example, you attempt to run the automatic reset password task on a large group or accounts. The error message indicates that the JBoss application server has exhausted the available connections and cannot complete the task.

To work around this problem you need to increase the number of available connections in the pool:

  1. Stop the JBoss application server.
  2. Navigate to the following directory, where JBoss_HOME indicates the directory where you installed JBoss: 
    JBoss_HOME/server/default/deploy/
  3. Open the file imtaskpersistencedb-ds.xml for editing.
  4. Locate the <max-pool-size> tag and set the value to 40.
  5. Locate the <idle-timeout-minutes> tag and set the value to 1.
  6. Comment out (<!--) the <blocking-timout-millis> tag as follows: 
    <!--blocking-timeout-millis>5000</blocking-timeout-millis-->
  7. Save and close the file.
  8. Start the JBoss application server.

    You have increased the number of available connections in the pool. You can now run the task.

JBoss for Windows Sample Policy Failed to Deploy

The JBoss for Windows sample policy fails to deploy on an endpoint. The policy deployment process terminates with an internal error message indicating that a PROGRAM resource already exists.

To work around the problem, use the JBoss sample policy and modify the policy before you deploy it to create PROGRAM resources explicitly.

Error Message Displayed When Viewing Policy Management Reports in CA Access Control Enterprise Management

CA Access Control Enterprise Management displays a message that the task failed when attempting to view policy management reports.

To work around this problem, restart the JBoss application server and the CA Business Intelligence server (Report Portal).

Cannot Use Non-English User Names When Installing the Enterprise Management Server

You cannot specify non-English user names if you specify to use Active Directory when you install the Enterprise Management Server.

To work around this issue, modify the user non-English characters to English characters in Active Directory.

A CA Access Control User Not Defined a Password Cannot Log Into the CA Access Control Enterprise Management Server

An CA Access Control user account without a password cannot log into the CA Access Control Enterprise Management Server.

Access Roles Are Not Supported in CA Access Control Enterprise Management

When you define admin role rules, select users that are members of admin roles. CA Access Control Enterprise Management does not support access roles. The access roles option should not appear in the interface.

"No Operation Required" Message When Modifying UNAB Host or Host Group

When modifying UNAB host or host group settings and submitting the changes, CA Access Control Enterprise Management displays the following message: "No operation required". Although this message indicates that no action was taken, the modifications you made to the UNAB host or host group were applied.

Control Characters May Cause an Application Exception

Control characters in the CA Access Control database may cause an application exception or render incorrectly in CA Access Control Endpoint Management and CA Access Control Enterprise Management.

Incomprehensible Characters In the User Interface

Symptom:

When I log into the CA Access Control Enterprise Management user interface, I see incomprehensible characters.

Solution:

The problem is that the database instance you are using does not fully support UTF8 international characters set. To correct this problem, you must reinstall CA Access Control Enterprise Management on a fully internationalized database instance.

Cannot Change the Trust Property of a Monitored File

In CA Access Control Endpoint Management, clearing the Trust check box on the Audit tab of a monitored file (SECFILE) resource fails when you try to save the changes.

To work around this issue and change this resource attribute, use selang.

CA Access Control Enterprise Management Time-Out When Creating Large Policies

The CA Access Control Enterprise Management user interface times out when you create a policy that contains more than 6000 commands. You cannot continue working in the user interface until CA Access Control Enterprise Management creates the policy. To work around this problem, open a new session by logging in to CA Access Control Enterprise Management from a new browser.

Cannot Deploy Policies That Contain a Trailing Backslash

Conventions for selang let you use a backslash character (\) as the last character of a line to indicate that the command continues on the following line. This is not supported by advanced policy management. Make sure that policy commands do not span multiple lines.

Note: The following sample policies CA Access Control provides contain a trailing backslash: _AC_WEBSERVICE, _APACHE, _JBOSS, _MS_SQL_SERVER, and _ORACLE.

Policy Script Validation Error Messages Are in a Different Language

Valid in CA Access Control Enterprise Management

If a policy deploys with errors, the selang result messages you see in CA Access Control Enterprise Management are in the installation language of the CA Access Control endpoint on the Enterprise Management server and not that of the CA Access Control Enterprise Management installation.

To see these messages in a localized language, you must install the CA Access Control endpoint on the Enterprise Management computer in the desired localized language before you install CA Access Control Enterprise Management.

Cannot View Audit Records for Terminals with Names Longer than 30 Characters

You cannot view audit records if the terminal name has more than 30 characters. This happens when CA Access Control Endpoint Management running on a Windows computer manages a UNIX endpoint.

PMDB Audit Records Are Not Visible When Managing the PMDB

When you manage a PMDB using CA Access Control Endpoint Management, you cannot see the PMDB’s audit records.

To work around this issue and view the audit records for the PMDB, connect to host where the PMDB resides.