Regarding the possibility that there is an issue with the agent keys, I think our symptoms argue against this being the case with our agent keys since the failure to decode the SMSESSION cookie happens on a small fraction of our total requests. I'm guessing less than 1%. Please let me know if my analysis seems wrong.
Regarding the second suggestion to exclude requests from cookie provider redirection, how does this approach allow reestablishment of a session that has failed due to the inability to decode the SMSESSION cookie? Does using a setting like the ones discussed in the link you supplied (e.g. OverlookSessionForMethodsUri) essentially exclude that URL from protection by SiteMinder? If so, that does not seem tenable for our use case. If this approach does not exclude the URL from protection, how does this prevent the error decoding the SMSESSION?