SEOSD is consuming high CPU on servers with UNAB installed.

Document ID : KB000004517
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We have seen issues with both PIM 12.8.1 and UNAB 12.8.1 where /opt/CA/uxauth/etc/wgrp.db becomes large and causes performance problems with seosd. This manifests as high CPU usage with seosd and our watchdog killing and restart seosd. 

Environment:
Privileged Identity Manager Endpoint 12.8.1 and UNAB Endpoint 12.8.1
Cause:

This is caused by large /opt/CA/uxauth/etc/wgrp.db files of Windows AD groups. 

Resolution:

To see if excluding wgrp-related processing resolves the problem please do the following to disable use of /opt/CA/uxauth/etc/wgrp.db. 

1. Shut down UNAB using /opt/CA/uxauth/lbin/uxauthd.sh stop

2. Remove the Windows groups database file by renaming it;  mv  /opt/CA/uxauth/etc/wgrp.db  /opt/CA/uxauth/etc/wgrp.db-prev

3. Edit /opt/CA/uxauth/etc/uxauth.ini and set the tokens in the [agent] section

 use_wingrp=no

 wingrp_update_startup = 0

 wingrp_update_mode = 0

4. Start UNAB using /opt/CA/uxauth/lbin/uxauthd.sh start. 

Additional Information:

Please note that disabling windows groups could cause login issues with your end users due to how you defined the login policy. If the polices are for users given direct login access over using a Windows group then users will be able to login. However, if you pushed a policy that allows users in a specific AD group to login to the server then you cannot use this workaround.