SiteMinderAgentModule randomly fails to set cookies in response with info message "OnSendResponse -- SetCookiesInResponse failed."

This is causing HTTP 500 error on browser.

This error was triggered during a SP initiated federation request, however, the federation transaction itself does go though fine.

The error only shows up on IIS web server failedrequesttrace log or windows event viewer, not on web agent logs.

IIS web agent

When IIS has ARR enabled, there could be a timing conflict on where the smsession cookies are set. 

1.  Setting ACO EarlyCookieCommit=Yes, then recycle the agent.

2.  Verify during the exact time stamp of failed request, if there is any other request coming in, which is NOT part of the protected resource.  e.g. GET /favicon.ico HTTP/1.1

If there is, adjust ACO ignoreext by adding .ico

if it is url, then adding ACO ignoreurl=/example