Symantec Access Management

Scenario:
One of our application is getting an error page as sson as it redirects to the cookie Provider each 5 minutes.Since there was an AJAX call happening in the background,the session was getting corrupted and an error is thrown from the application.

Since it is a known issue.We changed the SessionUpdate Period to 39600(11 hrs).

But still after 5 minutes the session is getting redirected to the cookie Provider.

In Browser,IE8,though the session is getting redirected to cookie provider,the session is still active and its working.
But in IE 9,they application is throwing error each 5 minutes.

Am not sure ,why the session is getting updated each 5 minutes,though it is increased.

OS:OELinux Version 64bit
SM Version:FullVersion=6.0.535.852
Version=6QMR5

ACO Parameters:
[26301/1109309760][Fri Jul 19 2013 16:29:42] ***** Begin Configuration *******************************************
[26301/1109309760][Fri Jul 19 2013 16:29:42] agentconfigobject='***************'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] agentname='******************'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] agentnamesarefqhostnames='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] agentwaittime='30'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] allowcacheheaders='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] allowlocalconfig='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] badcsschars='<,>'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] badformchars='<,>,&,%22'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] badurlchars='//,./,/.,/*,*.,~,\,%00-%19,%21-%1f,%7f-%ff,%25'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cacheanonymous='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cccext='.ccc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] conformtorfc2047='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] constructfullpwsvcurl='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cookiedomainscope='0'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cookieprovider=XXXXXXXXXXXXXXXXx.ccc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] csschecking='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] decodequerydata='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] defaultagentname='XXXXXXXXXXXXXX'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] deletecerts='No'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] disableauthsrcvars='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] disablesessionvars='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] disableusernamevars='No'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] disableuservars='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enableauditing='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enablemonitoring='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enablewebagent='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] encryptagentname='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enforcepolicies='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enforcerealmtimeout='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] fcccompatmode='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] fccext='.fcc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] forcecookiedomain='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] forcefqhost='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] hostconfigfile='/software/ca/netegrity/webagent/config/SmHost_prelive.conf'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] ignorecpfornotprotected='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] ignoreext='.class,.gif,.jpg,.jpeg,.png,.fcc,.scc,.sfcc,.ccc,.ntc,.css'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] ignorequerydata='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] legacycookieprovider='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] legacyencoding='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] legacyvariables='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] loadplugin='/software/ca/netegrity/webagent/bin/libHttpPlugin.so'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] logappend='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] logfile='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] logfilename='/software/ca/netegrity/webagent/log/smwa.log'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] logfilesize='100'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] lowercasehttp='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] maxresourcecachesize='750'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] maxsessioncachesize='750'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] maxurlsize='4097'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] ntcext='.ntc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] persistentcookies='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] persistentipcheck='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] preserveheaders='No'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] preservepostdata='Yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] proxyagent='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] proxytimeout='120'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] proxytrust='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] pspollinterval='30'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] requirecookies='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] resourcecachetimeout='600'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] savecredstimeout='720'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] sccext='.scc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] secureapps='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] secureurls='No'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] serverpath='/usr/local/apache/conf'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] sessiongraceperiod='120'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] sessionupdateperiod='39600'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] setremoteuser='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] sfccext='.sfcc'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] targetasrelativeuri='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] traceappend='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] traceconfigfile='/software/ca/netegrity/webagent/config/WebAgentTrace.conf'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] tracedelimeter='|'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] tracefile='yes'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] tracefilename='/software/ca/netegrity/webagent/log/trace.log'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] tracefilesize='100'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] traceformat='default'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] transientidcookies='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] transientipcheck='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] useanonaccess='No'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] usesecurecookies='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] useserverrequestip='no'.
[26301/1109309760][Fri Jul 19 2013 16:29:42]
[26301/1109309760][Fri Jul 19 2013 16:29:42] SiteMinder Agent API Host Configuration:
[26301/1109309760][Fri Jul 19 2013 16:29:42]
[26301/1109309760][Fri Jul 19 2013 16:29:42] cluster_1='3'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cluster_1=************.
[26301/1109309760][Fri Jul 19 2013 16:29:42] cluster_1='XXXXXXXXXXXXXX
[26301/1109309760][Fri Jul 19 2013 16:29:42] cluster_1='XXXXXXXXXXXXXX
[26301/1109309760][Fri Jul 19 2013 16:29:42] cluster_1='21.0'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] enablefailover='YES'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] hostname='th_XXXXXXXXXX.
[26301/1109309760][Fri Jul 19 2013 16:29:42] maxsocketsperport='40'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] minsocketsperport='2'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] newsocketstep='2'.
[26301/1109309760][Fri Jul 19 2013 16:29:42] requesttimeout='60'.

Moving to General Discussion Board

The above issue got resolved,after keeping just one policy server in the HCO.
Actually there were 3 policy server,in the HCO,So we had to isolate one by one,to find the root cause.I belive the cache of one of the polciy servers didnt get updated.

Thanks.

First off 6.0 sp5 isnot certified for AJAX. r12.5 was enhanced to work with AJAX, so you shoudl upgrade asap.

Secondly look into "enforce realm timeouts"

Since we recently upgraded to r12 infrastructure,we wouldnt be going to r12.5 in near future.So I believe upgrading the agent r12.5 will not work.

I havent tried enforce realm timeouts.

Thanks.