Error "Incorrect credentials" during LDAPS authentication on first login attempt

Article ID: 434780

Updated On:

Products

Network Observability Spectrum

Issue/Introduction

Users experience an LDAPS authentication failure on their initial login attempt to OneClick.

ERROR MESSAGE: "Incorrect credentials"

 

SYMPTOMS:

  • First login attempt fails with error

  • Immediate second login attempt succeeds

  • System works without issues for several minutes

  • After 5 to 6 minutes of inactivity, the next first login attempt fails again

     

CONTEXT: Occurs when connecting through a load balancer or intermediate network device to backend Domain Controllers

IMPACT: Users must log in twice after periods of inactivity

Environment

Any supported Spectrum release before 25.4.3

Cause

The issue is a mismatch between the application connection pooling and network TCP idle timeouts. Tomcat keeps idle connections open in a pool, but intermediate network devices silently drop them after 5 to 6 minutes. When the application attempts to reuse the stale connection, it is rejected, causing an authentication failure.

Resolution

Step 1: LOCATE THE TOMCAT DIRECTORY

Path: $SPECROOT/tomcat/bin/

 

Step 2: BACKUP THE CONFIGURATION FILE

Command: cp setenv.sh setenv.sh.bak

 

Step 3: EDIT THE STARTUP SCRIPT

Open setenv.sh or catalina.sh in a text editor

 

Step 4: ADD THE JVM ARGUMENT

Append the timeout parameter to the CATALINA_OPTS or JAVA_OPTS variable. Add the following line:

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.timeout=240000"

EXPECTED: Parameter is added to force connection recycling after 4 minutes

 

Step 5: SAVE AND RESTART

Save the changes and restart the Tomcat web server service

 

 

VERIFY SUCCESS:

  • Log in to OneClick

  • Wait 6 minutes

  • Attempt a new action or login to verify the connection succeeds on the first attempt
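
Steps 2 to 4 as an idempotent shell function, added here as an example (not Broadcom's own script): it refuses a pool timeout that is not shorter than the network idle drop time, backs up the file, and appends the line only once. The function names, return codes and the 300000 ms idle-drop value (the lower bound of the 5 to 6 minutes reported above) are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and return codes are hypothetical.
PROP='com.sun.jndi.ldap.connect.pool.timeout'
PROP_RE='com\.sun\.jndi\.ldap\.connect\.pool\.timeout'   # same name, dots escaped for sed

# pool_timeout_ms FILE
# Print the pool timeout (ms) set on an uncommented line of FILE, or nothing if unset.
pool_timeout_ms() {
    sed -n "s/^[^#]*-D${PROP_RE}=\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# set_pool_timeout FILE TIMEOUT_MS IDLE_DROP_MS
# Returns 0 on success or if already set, 1 if the backup fails, 2 if TIMEOUT_MS is
# invalid or not below IDLE_DROP_MS, 3 if FILE is missing, 4 if another value is set.
set_pool_timeout() {
    file=$1 timeout_ms=$2 idle_drop_ms=$3
    [ -f "$file" ] || return 3
    for n in "$timeout_ms" "$idle_drop_ms"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac      # digits only
    done
    # The pool must retire idle connections before the network device drops them.
    [ "$timeout_ms" -gt 0 ] && [ "$timeout_ms" -lt "$idle_drop_ms" ] || return 2

    current=$(pool_timeout_ms "$file")
    [ "$current" = "$timeout_ms" ] && return 0        # already configured
    [ -z "$current" ] || return 4                     # different value: edit by hand

    cp -p "$file" "$file.bak" || return 1             # Step 2: backup
    # Make sure the appended line starts on its own line.
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
    # Step 4: append the JVM argument exactly as given in the article.
    printf 'CATALINA_OPTS="$CATALINA_OPTS -D%s=%s"\n' "$PROP" "$timeout_ms" >> "$file"
}

# Usage (assumes setenv.sh is the startup script in use):
#   set_pool_timeout "$SPECROOT/tomcat/bin/setenv.sh" 240000 300000
```

Restart the Tomcat web server service afterwards, as in Step 5; the function only edits the file.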

Additional Information

A fix is delivered in the Spectrum 25.4.3 release:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/25-4/release-information/issues-resolved.html

Symptom:  Users experience intermittent connection issues with the Lightweight Directory Access Protocol (LDAP) integration in Spectrum. The connection occasionally fails and then succeeds when tried again. 
Solution:  With this fix, Spectrum implements a retry mechanism for the LDAP connection. This effectively resolves the intermittent failures and ensures a consistent login experience for users utilizing the LDAP integration in Spectrum. 
(DE176066, 36497486, 25.4.3)