Policy Server crashes when creating new Access Role and member is another Access Role

Document ID : KB000113624
Last Modified Date : 14/09/2018
Show Technical Document Details
Question:
We are testing CA IDM 14.2 & CA SSO 12.8 integration and we found a problem that causes the Policy Server to crash when the following condition occurs:

- We create a new Access Role, user attribute based. It creates correctly, and we can see it from CA SSO AdminUI.
- We create a new One Access Role, and we include as Member, the Access Role previously created. Then, we get the error:
"ImsRuntimeException:MemberPolicy.postCreate"
And the Policy Server crashes, restarting automatically.

On server.log we see:
11:06:17,197 ERROR [ims.default] (Thread-35 (HornetQ-client-global-threads-829200539)) No tasks are being added to role 
11:23:44,343 ERROR [stderr] (Thread-38 (HornetQ-client-global-threads-829200539)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 


On IDM logs we see:
11:22:47,403 ERROR [stderr] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 
11:22:47,409 ERROR [ims.llsdk.policy.ridiculouslydetailed] (Thread-70 (HornetQ-client-global-threads-1093751839)) [facility=0 severity=3 reason=0 status=8 message=Tunnel Agent failure] 
11:22:47,419 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Exception: : [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] 
11:22:47,475 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-70 (HornetQ-client-global-threads-1093751839)) Execution of event: CreateAccessRoleEvent failed. Exception encountered: ImsRuntimeException:MemberPolicy.postCreate 
11:22:47,479 ERROR [com.netegrity.ims.businessprocess.IMSEventController] (Thread-70 (HornetQ-client-global-threads-1093751839)) Error during event execution [a1952b49-1cde4f41-a5a1564f-764a42e4] CreateAccessRoleEvent 


On smps.log we see:
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/1498][11:20:16][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/3038][11:21:23][PolicyCache.cpp:1307][INFO][sm-Server-02880] Building policy cache ... 
[2940/3038][11:21:23][PolicyCache.cpp:1406][INFO][sm-Server-02890] Building policy cache done 
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 
[2940/6617][11:23:07][ImsCommandUtils.cpp:615][ERROR][sm-log-00000] SmImsCommand (findPSObject) Provider call failed 
Error Code was: -2147418010 
Error Message: Object Not Found 


 
Environment:
CA IDM R14.2
Policy Server R12.8 on Windows 2012 R2
Answer:
This issue is affecting R12.7 and R12.8, and will be fixed in the upcoming releases below:
12.7.03
12.8.02
You need to upgrade to the above versions to avoid that race condition to occur and solve the issue.