|Applies To||RSA Product Set: ClearTrust Entitlements Server 5.5.3 through 6.2|
|Issue||ClearTrust eserver configuration for replicated datastores|
Changes made to entitlements or password status are not reflected correctly in the aserver.
Example of logs seen in aserver
|Cause||When records in the ClearTrust/Access Manager datastore are modified by the Entitlements Manager or through the Admin API they cause the aserver cache records to be poisoned. This causes the aservers to fetch updated records from the datastore. In instances where the eserver is writing to a different replicated datastore from the aserver, replication delays can cause the aservers to retrieve stale data.|
Set the following line in your eserver.conf file.
This should be set to the typical replication delay between the datastore used by the entitlements server and the authentication servers. A value of 3 (seconds) should be good, but it depends on your replication topology and load.
This value sets the time the eserver waits before telling the aservers to force a refresh of a changed item in the aserver cache.
|Notes||For Active Directory datastores you can confirm the actual latency by running the "repadmin /latency" command.|
|Legacy Article ID||a32280|