getting error message in Policy server SMPS log


Article ID: 200952




CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER



We're running a Policy Server and this one reports the following
errors:

1. [1030/140279310960384][Thu Aug 27 2020
   SmWalker.Evaluate(LDAPSearch): Error 10 for base
   filter =
   "(&(objectCategory=group)(member=cn=jsmith,dc=training,dc=com))". Reason:
   Referral received
2. [1030/140280745424640][Thu Aug 27 2020
   SmDsLdapConnMgr Bind. Server : 636. Error 49-Invalid

How can we avoid them showing in the smps.log?




Policy Server 12.8SP3 on RedHat 7




At first glance, both lines can be related to referrals that the
Policy Server follows. At the Policy Server level, you can configure
the Policy Server not to follow referrals.

1. This log comes from SmWalker processing and as such, if Policy
   Server is configured to follow referrals, then this error log might

   SmWalker for CA Single Sign-On User Guide Version R14.3

   SmWalker Configuration:

     #SMWALKER.RESTRICTED Should resolve to a Boolean. If this value
   is true, then, for all functions except Evaluate, the function
   cannot be called directly as an Active Expression in any way. Such
   a function can be called by Evaluate, however.


     If you are running on a version of CA Single Sign-On that
   supports Enhanced Referrals, it will automatically follow write
   referrals without this setting. In that case we will recommend
   using the CA Single Sign-On out of box functionality.

   Additional note to the above: this applies only when Active
   Directory is being used as the directory server with SmWalker.
   To avoid referrals, you have to disable them on the Policy
   Server, following the instructions from this KD:
   Policy Server :: LDAP Referrals : EnableEnhancedReferrals and EnableReferrals

    In order to disable the referrals on the Policy Server you need to set
    these registry keys:

       EnableEnhancedReferrals = 1; REG_DWORD       
       EnableReferrals = 0; REG_DWORD 

    If the Policy Server has to contact Active Directory, point the
    Policy Server to the Global Catalog, which is port 3268, so that
    the Policy Server does not receive instructions from Active
    Directory to follow referrals.



2. This error is because the user provided the wrong
   credentials. There's no way in the product to remove these
   messages from the Policy Server logs.
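
To see how much of the smps.log noise falls into each of the two cases above, the entries can be counted by LDAP result code (10 = referral, 49 = invalid credentials). This is an added example, not part of the original article or the product; the sample lines are constructed from the fragments quoted above, with placeholder times and host name, and the full line layout is an assumption.

```python
import re
from collections import Counter

# Entry header as it appears in the fragments on this page: [pid/thread][date ...
ENTRY_START = re.compile(r"^\[\d+/\d+\]\[")
LDAP_ERROR = re.compile(r"\bError\s+(\d+)")
COMPONENT = re.compile(r"\b(SmWalker|SmDsLdapConnMgr)\b")

MEANING = {  # standard LDAP result codes for the two errors the article discusses
    10: ("referral", "check referral settings / Global Catalog port 3268"),
    49: ("invalidCredentials", "wrong credentials; cannot be removed from the log"),
}

def entries(text):
    """Join wrapped continuation lines back into one string per log entry."""
    current = []
    for line in text.splitlines():
        if ENTRY_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def triage(text):
    """Count LDAP errors per (component, code, meaning); other codes are kept."""
    counts = Counter()
    for entry in entries(text):
        err = LDAP_ERROR.search(entry)
        if not err:
            continue  # not an LDAP error entry
        code = int(err.group(1))
        comp = COMPONENT.search(entry)
        name = MEANING.get(code, ("other", ""))[0]
        counts[(comp.group(1) if comp else "unknown", code, name)] += 1
    return counts

# Constructed sample (placeholder times and host; message tails truncated as on the page).
SAMPLE = '''[1030/140279310960384][Thu Aug 27 2020 00:00:01] SmWalker.Evaluate(LDAPSearch): Error 10 for base
filter = "(&(objectCategory=group)(member=cn=jsmith,dc=training,dc=com))". Reason:
Referral received
[1030/140280745424640][Thu Aug 27 2020 00:00:02] SmDsLdapConnMgr Bind. Server ldap.example.test : 636. Error 49-Invalid
[1030/140280745424640][Thu Aug 27 2020 00:00:03] SmDsLdapConnMgr Bind. Server ldap.example.test : 636. Error 49-Invalid
[1030/140280745424640][Thu Aug 27 2020 00:00:04] Constructed informational entry'''

if __name__ == "__main__":
    for (comp, code, name), n in sorted(triage(SAMPLE).items()):
        print(f"{n:3d} {comp:16s} LDAP {code} {name}: {MEANING.get(code, ('', 'review manually'))[1]}")
```

After the referral settings are changed, the count for code 10 should drop, while code 49 entries remain and track failed binds.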