This section describes items you should consider when using CA Access Control server components (CA Access Control Endpoint Management, CA Access Control Enterprise Management, and Enterprise Reporting).
The following CA Access Control components rely on communications with the CA Access Control Message Queue for some functionality:
These components may not be able to communicate with the Message Queue if it is not running, the configuration options are not set correctly for the Message Queue host or queue, or a generic network error is present.
If communication between any of these components and the Message Queue cannot be established or breaks down, the communication does not resume automatically when the problem is fixed. To work around this issue, you must fix the communication issue and then restart the CA Access Control component.
The host name of the CA Access Control endpoint must be 15 characters or fewer. If the host name of the CA Access Control computer exceeds 15 characters, you cannot use CA Access Control Endpoint Management to log in to the endpoint.
When you undeploy a policy that does not have an associated undeploy script, CA Access Control automatically generates the required script to remove the policy. This script is based on the deployment script.
If you want to remove the policy but keep the policy rules (from the deployment script), provide an undeployment script with a rule that does not modify anything (for example, er GPOLICY policyName).
When you create a PUPM endpoint in CA Access Control Enterprise Management, the host name that you specify in the Name field must match the host name that appears in World View.
If the endpoint is an Active Directory endpoint, specify the NETBIOS domain name in the Host Domain field. If the endpoint is not an Active Directory endpoint, specify the NETBIOS host name in the Host Domain field, not the DNS domain name. For example, if an endpoint is not an Active Directory endpoint, specify the NETBIOS host name (ACSERVER) in the Host Domain field and not the endpoint DNS domain name (acserver.company.com).
If you specify the DNS domain name, advanced features, such as PUPM Automatic Login, fail.
Do not configure more than a single CA Identity Manager provisioning connector server in CA Access Control Enterprise Management.
When you configure a CA Identity Manager provisioning connector server, do not specify the CA Identity Manager provisioning server SSL port (20390). If you specify the connector server SSL port, the connection to the connector server fails.
If you use a Check Point firewall on an SSH endpoint, you cannot use PUPM to change the password for the expert account on the endpoint. This restriction means that the expert account must be a disconnected account in PUPM.
Valid on SQL Server
The SQL Server command utility sqlcmd does not support blank passwords. If you defined the SQL Server endpoint as a password consumer in CA Access Control Enterprise Management and check out a password from PUPM, do not leave the password field empty. You can specify the account password or any other string as the password.
Copyright © 2012 CA. All rights reserved.