After enabling VIP MFA getting 500 errors due to timeSync error

Article ID: 280014


Products

SITEMINDER

Issue/Introduction

After enabling VIP MFA for one site, requests return 500 errors. The system times on the Access Gateway server (Linux) and the Policy Server (Windows) were verified.

The issue is intermittent: restarting the Access Gateway sometimes resolves it, but the error returns.

The FWStrace.log shows the error message "Failure Reason:Type:TimeSyncError".

Environment

Applicable to Access Gateway and VIP

Cause

Even if the servers appear to be in time sync, their clocks can slowly drift apart over time when NTP is not used. To account for this difference, the skew time can be modified.

Resolution

Adjust the skew time in the SiteMinder VIP Authentication scheme to take into account any server time differences.

Go to the VIP Authentication Hub Configuration section to adjust it:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/authentication-schemes/vip-authentication-hub-authentication-scheme.html

  • (Optional) In Skew Time, define the number of seconds subtracted from the current time to account for the difference in the system clocks of the machines where SiteMinder and Authentication Hub are installed.
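To size the skew value, it helps to measure how far each machine's clock actually is from a common reference. The following is an added example, not part of the original article or of SiteMinder: a minimal SNTP query that reports the local clock offset and checks whether a candidate Skew Time covers it. The NTP server name passed on the command line and the 1-second safety margin are assumptions.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def _ntp_to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def offset_from_reply(reply, t0, t3):
    """Clock offset in seconds (positive: local clock is behind the server).

    reply: 48-byte NTP server packet; t0/t3: local Unix time at send/receive.
    """
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    fields = struct.unpack("!12I", reply[:48])
    t1 = _ntp_to_unix(fields[8], fields[9])    # server receive timestamp
    t2 = _ntp_to_unix(fields[10], fields[11])  # server transmit timestamp
    return ((t1 - t0) + (t2 - t3)) / 2

def query_offset(server, timeout=3.0):
    """Ask an NTP server for the time and return the local clock offset."""
    request = b"\x23" + 47 * b"\0"  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t0 = time.time()
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
        t3 = time.time()
    return offset_from_reply(reply, t0, t3)

def skew_covers(offset_seconds, skew_seconds, margin=1.0):
    """True if the candidate skew exceeds the measured offset plus a margin.

    Assumption: the sign of the difference is ignored and the margin is a
    sizing heuristic, not a SiteMinder rule.
    """
    return skew_seconds >= abs(offset_seconds) + margin

if __name__ == "__main__":
    import sys
    server, skew = sys.argv[1], float(sys.argv[2])
    off = query_offset(server)
    print(f"offset vs {server}: {off:+.3f}s; skew {skew}s sufficient: {skew_covers(off, skew)}")
```

Run it on both the Access Gateway and the Policy Server against the same NTP source; the difference between the two reported offsets is the clock difference the skew has to absorb.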