Why are we continually getting SmSessionServer Failed error code 2 and 3 in smps.log?

book

Article ID: 39430

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 

We're running Policy Server and this one reports often the following
message :

  - Why do we continuous receive following error messages in our
    smps.log ?
  - What is the reason for following error messages ?
  - Can they be ignored ?

    [4216/4704][Tue Mar 01 2016
    14:23:38][SmSessionServer.cpp:571][ERROR][sm-Server-06007]
    failed. Error code : 2

    [4216/4704][Tue Mar 01 2016
    14:23:38][SmSSProvider.cpp:503][ERROR][sm-Server-07004]
    failed.Exception :

    [4216/4704][Tue Mar 01 2016
    14:23:38][SmSessionServer.cpp:535][ERROR][sm-Server-06007]
    failed. Error code : 3

 

Environment

 

Using SAML V1.0 Assertion with SiteMinder 12.52 and Federated Services
12.52 and above

 

Resolution

 

The above error means "Session not found in the Session Store". If the
session is not found in the session store then the policy server will
not be able to validate the session and therefore the user will be
redirected for credentials. 

If this is not happening for all users, then it is most likely that
the user session was already deleted from the session store due to
expiry/inactivity? 

Error 2 is when failed to Get Session from session store

Please see below transaction process:

  1. User Logs in to a protected resource
  2. User is granted an SMSESSION cookie.
  3. Session is written to the Session Store.
  4. Users Session times out.
  5. Session is removed from Session store.
  6. User uses same browswer session to access a protected resource
     with the old SMSESSION cookie
  7. Session from SMSESSION cookie is compared to session in Session
     Store.
  8. Session cannot be found in Session Store
  9. Error 02 "Not Found' in SMPS logs
  10. User is directed to an Authentication Agent to Authenticate
  11. User Authenticates
  12. User is greanted access to resource again.

This is expected behavior and there should be nothing to fix.

Error 3 is when failing to update session held in session store.

This is quite common when a user is logged into a url that does not
need session store, and then later navigate to URL that does.

 

Additional Information

 

Also see KB on How to reduce "SessionServer GetSession failed. Error
code: 2" errors in SiteMinder Policy Server:

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=54676