Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRC] After SRC upgrade, SAE is not able to manage devices

0

0

Article ID: KB33445 KB Last Updated: 05 Sep 2019Version: 2.0
Summary:

After SRC upgrade (especially from or before SRC-PE-4.7.0 to SRC-PE-4.8.0 or after), all aspects of the upgrade works as expected, and SAE starts successfully. However, SAE fails to manage any devices or subscribers or services.

It also shows that SAE is not listening on port 3288, which it is supposed to.

 

Symptoms:

JDB access log indicates the error log which complains about "Sizelimit Exceeded"

11:16:00.441 EDT 11.07.2018 [NA][main] [AccessManager] [50] Service scopes could not be read [net.juniper.smgt.sae.datamgr.c: Failed to load scope to vr mapping:javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'o=Network, o=UMC']. Will keep trying.
 
Cause:

Due to the nature of the upgrade from SRC-PE-4.7.0 or before to SRC-PE-4.8.0 or after, JDB slapd size limit is set to default value, which is 2000. This means that JDB can hold only 2000 lines/entries of config, which results in SAE only being able to read those 2000 lines and not the entire configuration as it is supposed to.

Solution:

To find the number of entries of the configuration on SRC, follow the procedure below from the working SRC prior to upgrade.

In the following example, there are 5564 entries of config on SRC:

root@test123> request system ldap data export file-name /var/tmp/src-backup.ldif
Done

root@test123> start shell bash
[root@test123 ~]#
[root@test123 ~]# grep entry-id /var/tmp/src-backup.ldif | tail -1
# entry-id: 5564
[root@test123 ~]#


Hence, JDB server configuration needs to be changed to accommodate the entries with SRC configuration.

root@test123# set system ldap server maximum-entries-returned 8000

[edit]
root@test123# commit
commit complete.

[edit]
root@test123# show system ldap server
maximum-entries-returned 8000;
stand-alone;

[edit]
root@test123#


After performing the above step, import the ldif captured from the SRC prior to upgrade. Then restart the system for JDB and all other components like SAE to note the configuration that was added.

SAE should then be able to manage devices, subscribers and services.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search