Customer's application page is protected by Kerberos Authentication of CA Single Sign-On.
Made a load test for the Kerberos authentication, and it resulted in Policy Server restart multiple times.
As per the Application Event log, the crash occurred in NSLDAP32V60.dll.
Faulting application name: smpolicysrv.exe, version: 12.8.200.1992, time stamp: 0x5c50799e
Faulting module name: NSLDAP32V60.dll, version: 0.0.0.0, time stamp: 0x564cc5f9
Exception code: 0xc0000005
Fault offset: 0x0000000000012bb4
Faulting process ID: 0x134c
Start time of the failing application: 0x01d59a960b31fac3
Faulting application path: C:\Program Files\CA\siteminder\bin\smpolicysrv.exe
Faulting module path: C:\Program Files\CA\siteminder\bin\NSLDAP32V60.dll
Also, the crash was observed even if using HTML Form Authentication.
Release : 12.8.02
Component : Policy Server
OS: Windows 2016
While the crash point is in nsldap32v60.dll which is based on third party library,
customer settings of LDAP User Directory was their default Windows domain, such as following:
- LDAP Search Root : DC=example,DC=com
By changing the settings to have Root include OU=People to the existing root setting, the crash disappeared.
- LDAP Search Root : OU=People,DC=example,DC=com
Adding OU (in this case) reduces the search tree to a lower level where in set of entries returned will be lowered , time taken to search will be lowered which will avoid any socket timeouts or socket abort which might have lead to crash.