login suspended for all users even though only one of the several configured ADs LDAPs is down


Article ID: 125966


Updated On:


CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager


Customer experiences login suspended for all users even though only one of the several configured AD’s (LDAP’s) is down.

The error message displayed is “AHD04042: login failed for userid('userid'); login timed out (IES 10901)”; no additional errors are recorded in the Service Desk log files.



  1. If an AD goes down, EEM tries to reconnect/rebind to the failed AD again only after the specified/configured time interval “connrebindtimeinterval” if there is a authN/authZ request to server.
  2. This way EEM verifies the status of failed ADs once for every predefined/configured time interval, specified in “connrebindtimeinterval” and can cause slowness every time it checks if the AD is down.
  3. If “connrebindtimeinterval” is not configured, then EEM will verify for every two minutes(default) if an AD is down.
Eg: Suppose if 3 ADs are down, each AD conntimeout=10 sec, and each AD connrebindtimeinterval=5 mins, then authN request will be slow for every 5 mins and may take almost 30 seconds i.e., cumulative of three failed LDAP’s conntimeout.
Best practices: “conntimeout” for an AD shouldn’t be more than 5 seconds even in case of very slow networks.


EEM Windows 64-bit (language independent)
Service Desk Manager 14.x, 17.x


This case was resolved in the DEFECT DE367696

1. Define a new xml attribute connrebindtimeinterval sequence in SERVER.XSD present at C:\ProgramFiles\CA\SC\EmbeddedEntitlementsManager\config\server i.e.,  
<xs:element name="connrebindtimeinterval" type="NonZeroUnsignedInt"minOccurs="1" maxOccurs="1" />
Please add the above after the attribute ldapautoreferral as shown below in LdapStore section

<Please see attached file for image>


2. Now, configure the new attribute (time value in seconds) for each AD in SERVER.XML, as shown below, which is present at the same path as the server.xsd  

<Please see attached file for image>


Note: It should be added immediate after the attribute “ldapautoreferral”

3. Now, make sure iGateway, DXserver_itechpoz services are stopped, then backup the iPoz.dll, eiamSpindle.dll present at C:\ProgramFiles\CA\SC\EmbeddedEntitlementsManager\lib and copy the new iPoz.dll and eiamSpindle.dll which has the fix.  

4. Backup also the UI translations file eiamSpindle.tr present at C:\ProgramFiles\CA\SC\iTechnology and copy the new eiamSpindle.tr file.  

5. Start the iGateway and DXserver_itechpoz services.

Additional Information

Unable to log in Service Desk with any user and EEM GUI is not accessible



1558690700925000125966_sktwi1f5rjvs16gc0.jpeg get_app
1558690698032000125966_sktwi1f5rjvs16gbz.jpeg get_app