We have siteminder policy server and ACE server on different machines. And we have discussion with ACE support team and they say that this issue is because of the client side node secret.
Policy Server shows:
[7211/22][Tue Apr 21 2009 15:10:14][SmAuthAce.cpp:839][INFO] SmAuthenticate: Starting AceInit
[7211/22][Tue Apr 21 2009 15:10:39][SmAuthAce.cpp:972][ERROR] SmAuthenticate:Name Lock Request has been denied by ACE/Server communication failure.
ACA server log shows: <- Begin
04/21/2009 19:39:16U --------/node1.mycompany.org ---->
04/21/2009 15:39:16L Node verification failed node1.mycompany.org
In other words client (in this case )policy server holding node secret and trying to connect ACE server with old node secret. Do you know where siteminder keeps node secret file?
Location of the node secret file (filename: securid) is OS specific. Hence for Windows it will be in System32 directory (or wherever your ACE agent is installed) and on Unix platforms it will be in the $NETE_PS_ROOT/bin directory.
To fix this problem:
On the ACE server: