search cancel

Error 91 in smps logs during the fail-over from one data center to another data center for policy/session/key store.


Article ID: 36949


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Getting "Error 91 - Can't connect to the LDAP server" in smps.log for LDAP binds with failover servers in place.

For Example: In Data Center A we are getting the below error while trying to fail-over to Data Center B and Vice Versa.

[01/28/2015][11:30:09][3844287344][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00350] SmObjLdapConnMgr Bind. Server Data_Center_B:20492. Error 91 - Can't connect to the LDAP server][][]


Policy Server: R12.52 SP1

CA Directory: R12 SP12


The default connection setup timeout to session/policy store (CA directory) should be 10 seconds, however based on analysis it using 10ms. This results in failures connecting to the session/policy/key store across the data center.

There is known issue for policy/key/session store LDAP binds with fail-over servers in place on 12.52 SP1 and it is fixed in 12.52SP1CR1.

As a work around try connecting only one LDAP store if it's non prod environment and if it is production use LDAPPingTimeout in smregistry.


Please find the temporary workaround by adding the following to the sm.registry (LDAPPingTimeout) in case of production.


Console= 0; REG_DWORD

LDAPPingTimeout= 0x64; REG_DWORD


And for Permanent fix, kindly upgrade your policy server to R12.52 SP1 CR01


Component: SMPLC