Release Notes › Known Issues › General Known Issues › Server Components Known Issues

Server Components Known Issues

This section describes known issues for CA ControlMinder server components (CA ControlMinder Endpoint Management, CA ControlMinder Enterprise Management, and Enterprise Reporting).

Privileged Account Requests and Daylight Savings Time (DST)

If either the Enterprise Management Server or the requester are in daylight savings time (DST), the following occurs when submitting a privileged account request:

• If the Enterprise Management Sever is in daylight savings time and the requester is not then the requested time period is one hour later than in the original request.
• If the Enterprise Management Server is not in daylight savings time and the requester is in daylight savings time then the requested period is one hour earlier than in the original request.

Searching in View Recorded Sessions

The following known issues occur when you click View to search View Recorded Sessions in the CA ControlMinder Endpoint Management Recorded Sessions tab:

• When you search for Activity Log Contains (default), no results or messages are displayed.
• When you search for UserID or LoginID, the UserName field displays n\a/n\a.

Open Session Does Not Work In iOS 5

Open session does not work in iOS 5 due to a problem with iOS. The command to select open sessions in iOS, returns closed sessions as well.

PMDB Subscribers Not Listed When PMDB Name Exceeds Than 25 Characters

Symptom:

If a PMDB is created with more than 25 characters, then its subscribers are not listed when, you view it using the Endpoint Management user interface.

Solution:

This is a known issue with the Endpoint Management user interface. Use the sepmd utility to view the list of subscribers. The command has the following format:

sepmd -l pmd

-l

Lists the subscribers of the Policy Model.

pmd

Specifies the name of the Policy Model.

Telnet Session is Not Supported by Open Sessions

Valid on Windows

Open session does not detect and recognize the Telnet session as a login. The Telnet session is not supported by open sessions on Windows.

Default Request Approver Not Configured

Valid on SunOne and CA Directory

If you use SunOne or the CA Directory user directory, configure the default request approver. You define the default request approver that all privileged account passwords requests are submitted to.

Follow these steps:

1. Log in to CA ControlMinder Enterprise Management as a System Manager.
2. Select Users and Groups, Tasks, Modify Admin Task.

   The Modify Admin Task: Search Admin Task window opens.

3. Enter Privileged Account Request in the Name field, then click Search.

   CA ControlMinder Enterprise Management displays the results that match the search criteria.

4. Select the Privileged Account Request and click Select.

   The Modify Admin Task: Privileged Account Request window opens.

5. Navigate to the Events tab and select the workflow process.

   The Workflow Process screen opens.

6. In the Default Approver section, select Add Users.

   The Select User screen opens.

7. Enter the name of the user you want to assign as a default approver and select Search.

   CA ControlMinder Enterprise Management displays the results according to the search criteria.

8. Click Select.

   The user that you selected is added as a default request approver.

9. Click OK to exit.

Note: The default request approver that you defined does not apply to users that you created before you installed the Enterprise Management Server. The default request approver for users that previously existed in the user directory is superamdin.

"No Managed Connections Available Within Configured Blocking Timeout" Error Message When Running Batch Operations

"Managed Connections Available Within Configured Blocking Timeout" error message received when you run batch tasks. For example, you attempt to run the automatic reset password task on a large group or accounts. The error message indicates that the JBoss application server has exhausted the available connections and cannot complete the task.

To work around this problem you need to increase the number of available connections in the pool:

1. Stop the JBoss application server.
2. Navigate to the following directory, where JBoss_HOME indicates the directory where you installed JBoss:

   JBoss_HOME/server/default/deploy/
   

3. Open the file imtaskpersistencedb-ds.xml for editing.
4. Locate the <max-pool-size> tag and set the value to 40.
5. Locate the <idle-timeout-minutes> tag and set the value to 1.
6. Comment out (<!--) the <blocking-timout-millis> tag as follows:

   <!--blocking-timeout-millis>5000</blocking-timeout-millis-->
   

7. Save and close the file.
8. Start the JBoss application server.

   You have increased the number of available connections in the pool. You can now run the task.

JBoss for Windows Sample Policy Failed to Deploy

The JBoss for Windows sample policy fails to deploy on an endpoint. The policy deployment process terminates with an internal error message indicating that a PROGRAM resource already exists.

To work around the problem, use the JBoss sample policy and modify the policy before you deploy it to create PROGRAM resources explicitly.

Error Message Displayed When Viewing Policy Management Reports in CA ControlMinder Enterprise Management

CA ControlMinder Enterprise Management displays a message that the task failed when attempting to view policy management reports.

To work around this problem, restart the JBoss application server and the CA Business Intelligence server (Report Portal).

A CA ControlMinder User Not Defined a Password Cannot Log Into the CA ControlMinder Enterprise Management Server

An CA ControlMinder user account without a password cannot log into the CA ControlMinder Enterprise Management Server.

Access Roles Are Not Supported in CA ControlMinder Enterprise Management

When you define admin role rules, select users that are members of admin roles. CA ControlMinder Enterprise Management does not support access roles. The access roles option should not appear in the interface.

"No Operation Required" Message When Modifying UNAB Host or Host Group

When modifying UNAB host or host group settings and submitting the changes, CA ControlMinder Enterprise Management displays the following message: "No operation required". Although this message indicates that no action was taken, the modifications you made to the UNAB host or host group were applied.

Control Characters May Cause an Application Exception

Control characters in the CA ControlMinder database may cause an application exception or render incorrectly in CA ControlMinder Endpoint Management and CA ControlMinder Enterprise Management.

Incomprehensible Characters In the User Interface

Symptom:

When I log into the CA ControlMinder Enterprise Management user interface, I see incomprehensible characters.

Solution:

The problem is that the database instance you are using does not fully support UTF8 international characters set. To correct this problem, you must reinstall CA ControlMinder Enterprise Management on a fully internationalized database instance.

Cannot Change the Trust Property of a Monitored File

In CA ControlMinder Endpoint Management, clearing the Trust check box on the Audit tab of a monitored file (SECFILE) resource fails when you try to save the changes.

To work around this issue and change this resource attribute, use selang.

CA ControlMinder Enterprise Management Time-Out When Creating Large Policies

The CA ControlMinder Enterprise Management user interface times out when you create a policy that contains more than 6000 commands. You cannot continue working in the user interface until CA ControlMinder Enterprise Management creates the policy. To work around this problem, open a new session by logging in to CA ControlMinder Enterprise Management from a new browser.

Cannot Deploy Policies That Contain a Trailing Backslash

Conventions for selang let you use a backslash character (\) as the last character of a line to indicate that the command continues on the following line. This is not supported by advanced policy management. Make sure that policy commands do not span multiple lines.

Note: The following sample policies CA ControlMinder provides contain a trailing backslash: _AC_WEBSERVICE, _APACHE, _JBOSS, _MS_SQL_SERVER, and _ORACLE.

Policy Script Validation Error Messages Are in a Different Language

Valid in CA ControlMinder Enterprise Management

If a policy deploys with errors, the selang result messages you see in CA ControlMinder Enterprise Management are in the installation language of the CA ControlMinder endpoint on the Enterprise Management server and not that of the CA ControlMinder Enterprise Management installation.

To see these messages in a localized language, you must install the CA ControlMinder endpoint on the Enterprise Management computer in the desired localized language before you install CA ControlMinder Enterprise Management.

Cannot View Audit Records for Terminals with Names Longer than 30 Characters

You cannot view audit records if the terminal name has more than 30 characters. This happens when CA ControlMinder Endpoint Management running on a Windows computer manages a UNIX endpoint.

PMDB Audit Records Are Not Visible When Managing the PMDB

When you manage a PMDB using CA ControlMinder Endpoint Management, you cannot see the PMDB’s audit records.

To work around this issue and view the audit records for the PMDB, connect to host where the PMDB resides.

Open Session For Network Devices Fails

If the privileged account name contains more than ten characters, open session for Network Devices fails.

"No Such Method" or "Failed to Reset Password" Error Message for Access Control for SAM Endpoint Types

Valid on Linux

When you install the Enterprise Management Server on a Linux computer, you receive the following error message when you define Access Control for SAM endpoints: "No Such Method".

If you specify that CA ControlMinder Enterprise Management resets a privileged account password on check in, when a user checks in a privileged account on an Access Control for SAM endpoint they receive the following error message: "Failed to Reset Password".

Follow these steps:

1. Stop the Java Connector Server. Do the following:
   1. Navigate to the following directory, where ACServerInstallDir refers to the directory where the Enterprise Management Server is installed:

      ACServerInstallDir/Connector_Server/bin
      

   2. Run the following command:

      ./im_jcs stop
      

      The Java Connector Server stops.

2. Open the im_jcs script for editing.
3. Locate and remove the following line from the script:

   PREJAR="$FULLBASEPATH/bin/jcs-bootstrap.jar:$FULLBASEPATH/
   conf:$FULLBASEPATH/lib/jcs.jar:"`echo $FULLBASEPATH/
   lib/apacheds-server-main-*-app.jar`
   

4. Copy the following line and paste it into the script:

   PREJAR="$FULLBASEPATH/bin/jcs-bootstrap.jar:$FULLBASEPATH/
   conf:$FULLBASEPATH/lib/jcs.jar:$FULLBASEPATH/
   lib/nlog4j__V1.2.25.jar:"`echo $FULLBASEPATH/lib/apacheds-server-main-*-app.jar`
   

   Important! Delete the carriage returns in the line after you paste it into the script.

5. Save the file.
6. Start the Java Connector Server.

   ./im_jcs start
   

   The Java Connector Server starts. You can now configure the Access Control for SAM endpoint type.

Telnet Automatic Login Not Supported on Solaris After Upgrade

Valid on Solaris

The Telnet automatic login is not supported on Solaris after you upgrade to CA ControlMinder 12.7.

Changes to Windows Services and Scheduled Tasks Are Not Discovered

Valid on Windows Server 2003

Symptom:

When you change a Windows Service or Windows Scheduled Task, the changes cannot be discovered.

Solution:

This is a known Microsoft issue. After you change the service or task on the endpoint, delete the existing password consumer. Use the Service Account Discovery Wizard to create a password consumer.

Approval of Service Account Password Request Fails

After you submit a request for a service account password, the request is not sent to the request approver and you cannot check out the service account password.

No Audit Record for Password Retrieval by JDBC Password Consumer

The Enterprise Management Server does not write an audit record when a JDBC password consumer gets a password from CA ControlMinder Enterprise Management.

Error Message When You Use Automatic Login to Log in to Oracle Enterprise Manager

Valid on Oracle

An error message appears when you use the automatic login option to log into the Oracle Enterprise Manager after you checked out an administrator account password. The error message appears if you terminated the last session by closing the browser window without logging off.

Remote Desktop Connection Fails When Endpoint Prompts for Password

Valid on Windows

The Windows Remote Desktop automatic login script fails to log into the endpoint if the endpoint Terminal Services settings are configured to always prompt for password on login.

SAM Accepts Ticket Numbers for Closed CA Service Desk Manager Tickets

Valid for integration with CA Service Desk Manager

If you specify the number for a closed CA Service Desk Manager issue or request ticket (ticket type=iss or cr) when you request access to a privileged account, CA ControlMinder Enterprise Management forwards the request to the approver.

Cannot Specify CA Service Desk Manager Change Order Ticket Number

Valid for integration with CA Service Desk Manager

If you specify the number for a CA Service Desk Manager change order ticket (ticket type=ch) when you request access to a privileged account, CA ControlMinder Enterprise Management does not forward the request to the approver.