We're running a Policy Server and this one reports the following
1. [1030/140279310960384][Thu Aug 27 2020
SmWalker.Evaluate(LDAPSearch): Error 10 for base
2. [1030/140280745424640][Thu Aug 27 2020
SmDsLdapConnMgr Bind. Server 10.0.0.1 : 636. Error 49-Invalid
How can we avoid them showing in the smps.log ?
Policy Server 12.8SP3 on RedHat 7
At first glance, both lines can be related to referral that the Policy
Server follows. At Policy Server level, you can configure the Policy
Server to not follow the referrals.
1. This log comes from SmWalker processing and as such, if Policy
Server is configured to follow referrals, then this error log might
SmWalker for CA Single Sign-On User Guide Version R14.3
SmWalker Configuration :
#SMWALKER.RESTRICTED Should resolve to a Boolean. If this value
is true, then, for all functions except Evaluate, the function
cannot be called directly as an Active Expression in any way. Such
a function can be called by Evaluate, however.
If you are running on a version of CA Single Sign-On that
supports Enhanced Referrals, it will automatically follow write
referrals without this setting. In that case we will recommend
using the CA Single Sign-On out of box functionality.
Additional Note to above Applicable only Active Directory is being
used as the directory server with Smwalker.
In order to avoid referrals, you have to disble them by the Policy
Server following instructions from this KD :
Policy Server :: LDAP Referrals : EnableEnhancedReferrals and EnableReferrals
In order to disable the referrals on the Policy Server you need to set
these registry keys:
EnableEnhancedReferrals = 1; REG_DWORD
EnableReferrals = 0; REG_DWORD
If the Policy Server has to contact Active Directories, let point the
Policy Server to the Global Catalog which is the port 3268 in order
for the Policy Server not to received command from Active Directory to
This error is because the user provided the wrong
credentials. There's no way in the product to remove them from the
Policy Server logs.