Issue:
The Policy Server logs "Error 91 - Can't connect to the LDAP server" in smps.log for LDAP binds when failover servers are configured for the policy, key or session store.
For example, the Policy Server in Data Center A logs the error below when it tries to fail over to the store in Data Center B, and vice versa:
[01/28/2015][11:30:09][3844287344][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00350] SmObjLdapConnMgr Bind. Server Data_Center_B:20492. Error 91 - Can't connect to the LDAP server][][]
Environment:
Policy Server: R12.52 SP1
CA Directory: R12 SP12
Cause:
The Policy Server's default connection setup timeout for the session/policy store (CA Directory) should be 10 seconds; analysis showed it was using 10 ms instead, so connections to the session, policy and key store in the other data center fail before the bind completes.
This is a known issue with policy/key/session store LDAP binds when failover servers are in place on 12.52 SP1; it is fixed in 12.52 SP1 CR1.
As a workaround, in a non-production environment configure only one LDAP store (this removes failover, so it is not suitable for production); in production set LDAPPingTimeout in sm.registry as described under Resolution.
Resolution:
Temporary workaround for production: add the LDAPPingTimeout value to sm.registry under the Debug key, as shown below (0x64 is 100 in decimal), then restart the Policy Server so the new registry value is read.
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=1032831252
    Console=            0;      REG_DWORD
    LDAPPingTimeout=    0x64;   REG_DWORD
For a permanent fix, upgrade the Policy Server to R12.52 SP1 CR01.
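The following is an added triage script, not part of this article and not CA SiteMinder code. It parses sm-Ldap-00350 bind failures out of smps.log lines laid out like the entry quoted under Issue, counts Error 91 per LDAP server (a failover target dominating that count is the symptom described above), and reads LDAPPingTimeout from an sm.registry fragment laid out like the Debug key under Resolution. The sample log and registry text are constructed; the assumption that smps.log keeps the bracketed field layout shown and that sm.registry uses one unindented key line followed by indented "Name= value; TYPE" entries is the author's, not the article's.

```python
"""Triage helpers for the Error 91 failover symptom.

Constructed example code, not part of the article or of CA SiteMinder.
Assumptions: smps.log lines follow the bracketed layout quoted in the Issue
section; sm.registry uses an unindented key line
(HKEY_LOCAL_MACHINE\\...\\Key=<number>) followed by indented
"Name=  value;  TYPE" entries, as shown in the Resolution section.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches the sm-Ldap-00350 bind-failure entry and pulls out server and LDAP error number.
BIND_FAILURE_RE = re.compile(
    r"^\[(?P<date>[^\]]+)\]\[(?P<time>[^\]]+)\]\[(?P<thread>[^\]]*)\]"
    r".*LogMessage:ERROR:\[sm-Ldap-00350\] SmObjLdapConnMgr Bind\. "
    r"Server (?P<server>.+?)\. Error (?P<errno>\d+) - (?P<errtext>.*?)\]\[\]\[\]\s*$"
)

DEBUG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug"


@dataclass(frozen=True)
class BindFailure:
    timestamp: str
    server: str   # host:port as logged, e.g. Data_Center_B:20492
    errno: int    # LDAP result code; 91 = can't connect to the LDAP server
    text: str


def parse_bind_failures(log_text: str) -> List[BindFailure]:
    """Return every sm-Ldap-00350 bind failure found in the given smps.log text."""
    failures = []
    for line in log_text.splitlines():
        m = BIND_FAILURE_RE.match(line)
        if m:
            failures.append(BindFailure(
                timestamp=f"{m['date']} {m['time']}",
                server=m["server"],
                errno=int(m["errno"]),
                text=m["errtext"],
            ))
    return failures


def error91_by_server(failures: List[BindFailure]) -> Dict[str, int]:
    """Count Error 91 bind failures per LDAP server."""
    return dict(Counter(f.server for f in failures if f.errno == 91))


def ldap_ping_timeout(registry_text: str) -> Optional[int]:
    """Return LDAPPingTimeout under the Debug key as a decimal int, or None if the
    workaround is not applied. Hex (0x64) and decimal values are both accepted."""
    current_key = None
    for raw in registry_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("HKEY_"):
            # Key header: the path before '='; the number after it is key metadata, ignored here.
            current_key = line.split("=", 1)[0]
            continue
        if current_key != DEBUG_KEY or "=" not in line:
            continue
        name, rest = line.split("=", 1)
        if name.strip() == "LDAPPingTimeout":
            value = rest.split(";", 1)[0].strip()
            return int(value, 0)  # base 0 parses both "0x64" and "100"
    return None


# Constructed sample log modelled on the entry in the Issue section (not real customer data).
SAMPLE_SMPS_LOG = (
    "[01/28/2015][11:30:09][3844287344][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00350] "
    "SmObjLdapConnMgr Bind. Server Data_Center_B:20492. Error 91 - Can't connect to the LDAP server][][]\n"
    "[01/28/2015][11:30:09][3844287344][][][][][][][][][][][][][][LogMessage:INFO:unrelated constructed entry][][]\n"
    "[01/28/2015][11:30:14][3844287344][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00350] "
    "SmObjLdapConnMgr Bind. Server Data_Center_B:20492. Error 91 - Can't connect to the LDAP server][][]\n"
    "[01/28/2015][11:31:02][3844287344][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00350] "
    "SmObjLdapConnMgr Bind. Server Data_Center_A:20492. Error 91 - Can't connect to the LDAP server][][]\n"
)

# Constructed sm.registry fragments: with the workaround applied, and without it.
SAMPLE_SM_REGISTRY = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Netegrity\\SiteMinder\\CurrentVersion\\Debug=1032831252\n"
    "    Console=            0;      REG_DWORD\n"
    "    LDAPPingTimeout=    0x64;   REG_DWORD\n"
)
SAMPLE_SM_REGISTRY_WITHOUT_FIX = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Netegrity\\SiteMinder\\CurrentVersion\\Debug=1032831252\n"
    "    Console=            0;      REG_DWORD\n"
)

if __name__ == "__main__":
    failures = parse_bind_failures(SAMPLE_SMPS_LOG)
    print("Error 91 bind failures by server:", error91_by_server(failures))
    print("LDAPPingTimeout (applied):", ldap_ping_timeout(SAMPLE_SM_REGISTRY))
    print("LDAPPingTimeout (missing):", ldap_ping_timeout(SAMPLE_SM_REGISTRY_WITHOUT_FIX))
```

Run it against a real smps.log and sm.registry by replacing the constructed samples with the file contents; a count concentrated on the remote data center's store together with `None` from `ldap_ping_timeout` is the pattern this article describes.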