|Applies To||RSA Access Manager 6.0|
RSA ClearTrust 5.5.3
|Issue||Access Manager server is slow and aserver log has "unable to send data to receiver" messages.|
aserver.log shows a large number of the following error messages:
messageID=-2,internal_error,description='Unable to send data to receiver.',details='java.io.IOException: Unable to send data to receiver.'
Customers report intermittent slow performance and long times to authenticate or authorize.
The unable to send data to receiver message simply implies that the agents have exceeded the 15 second response time and have failed over to an alternate aserver. This suggest that the aservers response time is very poor. The most critical component of aserver performance is the response time from the datastore. The most likely reason for poor aserver response times is a slow LDAP server.
LDAP profile shows large queries of this type to the policy repository
ou=ctscPolicyRepository, dc=rsasecurity, dc=com
Check the processor usage on the LDAP server to ensure that it is not CPU limited. Run profiling tool on the LDAP server to identify any queries that may be causing the LDAP server to have a high CPU usage. If the LDAP server is overloaded identify and correct the cause of the slow performance. If RSA Access Manager is causing the slowdown review the type of entitlements that are being used.
Group Based entitlements are not very efficient and may result in queries being run on the LDAP server that are very processor intensive. Group based entitlements are not indefinitely scalable, and may not be practicable for all installations. If performance is not satisfactory the following solutions must be considered.
|Notes||See solution RSA ClearTrust Authorization Server shows a large number of 'Unable to send data to receiver' errors|
|Legacy Article ID||a52746|