This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too many open files

Tried my first business role in IG and had 11 464 members in the role. I did an initial setup with one role from UA configured as a permission in the business role. When publishing the business role the fulfillment process started an pretty soon I got error messages in the UA catalina log, mostly complaining on too many open files. I did also get some fulfillment errors in IG with messages such as: "Invalid User Application Authentication or Forbidden operation. Validate User Application credentials". 

What could be the most likely cause of those errors?

  • Greetings,

    Based upon your write-up, I have the following impression:

    1) The IDM AE Permission Collector was utilized
    2) The IDM Automated Fulfillment was configured for the above Application Source
    3) The Business Role has the permission(s) set to Auto Grant and Auto Revoke on the Permission(s) being authorized

    If the above is true, then when the BR was activated  and via the calculation the 11,464 users were seen as not having the permission(s) in the catalog it was determine to create Grant requests for each one (NOTE: You can add a column in the BR Detection Tab to see more data like Auto Grants and Auto Revoke)

    A) If there is just one (1) permission and 11,464 users that do not have the permission, here will be 11,464 grant requests created.
    B) Based upon "A" there will then be 11,464 SOAP (1 SOAP call per Permission Grant) calls from ID Gov to the ID Apps

    From what you have outline the ID Apps server is running out of File Descriptors. You will need to increase the ulimit -n on the ID Apps Linux server. Restart the ID Apps, and then press the Retry button on the Grant Requests that are in the Error Queue.

    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • Splendid! I did manage to wait for the whole process to finish and then pushed all the rest in the error queue with the retry option. Number of members added up correctly afterwards so that was good to see.

    Will have a look at File Descriptors then. Thank you!