Kelly Wong

Tech Tip - CA Single Sign-On: Policy Server logs error 91 against LDAP policy store

Blog Post created by Kelly Wong Employee on Apr 21, 2016

CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 21st April 2016



Policy Server logs “Error 91 - Can't connect to the LDAP server” against the LDAP policy store, even though all of the following checks succeed when run from the Policy Server:

  • telnet to the LDAP port (with hostname and IP address)
  • Test Connection via SM Management Console
  • execute the ldapsearch command



The default ping timeout should be 10 seconds, but in the R12.52 SP1 release the Policy Server reads the value in milliseconds instead of seconds, so a value meant as seconds yields a far shorter timeout than intended.



The fix is included in the R12.52 SP1 CR1 release onward. With the fix, Policy Server reads the LDAPPingTimeout value in seconds.



Add or update the following registry value in the sm.registry file on UNIX, or through Registry Editor on Windows:

LDAPPingTimeout = 10000; REG_DWORD


Alternatively, you can define a reasonable ping timeout in milliseconds.

Restart the Policy Server after making the change.