An intermittent issue has been observed with the OTP services from the Advanced Authentication integrated web application. Although the services are running, they occasionally become unresponsive to incoming requests.

The following error has been captured in the SA server logs:

03/11/25 22:11:03.767 DEBUG TXN_WS       00011676 SVRMASTR - ArcotAService::handleRequest: stream [000002254F7C4620], fd-transport [000002254F894FB0]
03/11/25 22:11:03.798 WARN  TXN_WS       00011676 SVRMASTR - It's very likely that the SSL hand-shake has failed. Please check SSL configuration.
03/11/25 22:11:03.798 INFO  TXN_WS       00011676 SVRMASTR - Txn-Begin : TxnID= | ClientTxnID=[<NA>] | Protocol=4 (TXN_WS) | ReqSize=0 | TST=1971-01-01 00:00:00:0 ()
03/11/25 22:11:03.798 INFO  TXN_WS       00011676 SVRMASTR - Empty response payload is detected. Attempting to generate appropriate response.
03/11/25 22:11:03.798 INFO  TXN_WS       00011676 00000000 - The request could not be processed by the protocol!.
03/11/25 22:11:03.798 DEBUG TXN_WS       00011676 00000000 -                     ResponseCode : 1051 (REQUEST_INVALID)

As a temporary workaround, the Strong Authentication service needs to be restarted to restore functionality. However, this approach is costly and disruptive in the production environment.

During the SSL handshake, the threads are waiting indefinitely, leading to thread exhaustion.

The Advanced Authentication product team has recommended reducing the thread timeout by adding the configuration below to the arcotcommon.ini file and setting the parameter to a lower value, preferably 5 minutes.
[arcot/inmem]
SSLHSTimeout=600000