CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 21st April 2016

ISSUE:

Policy Server logs “Error 91 - Can't connect to the LDAP server“ against the LDAP policy store, despite success with the following approaches from Policy Server:

• telnet to the LDAP port (with hostname and IP address)
• Test Connection via SM Management Console
• execute the ldapsearch command

CAUSE:

The default Ping timeout should be 10 seconds, but with R12.52 SP1 release, somehow Policy Server is reading the value in milliseconds instead of seconds.

RESOLUTION:

Fix is incorporated with R12.52 SP1 CR1 release onward. With the fix, Policy Server is reading the LDAPPingTimeout value in seconds.

WORKAROUND:

Add/ update the following registry key in sm.registry file on UNIX or through Registry Editor on Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug
LDAPPingTimeout = 10000; REG_DWORD

Alternatively, you can define a reasonable ping timeout in milliseconds.

Restart Policy Server after the updates.