When putting load on our environment, Policy Server reports randomly authreason 38

Article Id: 75010
Status: Published
Updated On: 05-04-2018 00:41
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

We run Web Agent, and when the same user login within the same second, the first tentative fails as the second with the same credentials succeeds :
 
  [Az][AzAccept][][myagent][04/Sep/2017:11:37:59 +0000][myagent] 
  [3+YR9IwUQAQ1gs5142aIiBm/fZk=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057] 
  [myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/] 
  [GET][][][][0000000000000000000000008c8415ab-c5a8-59ad3b17-1afee700-28a576b8b5ea][] 
  [mydomain][][][][][] 

  [Auth][AuthReject][38][myagent][04/Sep/2017:11:37:59 +0000][myagent] 
  [56Yr3GKp9Ipcd8d7+OeVU1kLOGo=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057] 
  [myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/] 
  [GET][myuserstore][master failover,master 
  failover,master failover,master 
  failover,master failover,master 
  failover,master failover,master 
  failover][LDAP:][][][mydomain][][][][][] 

  curl -H "Authorization: Basic bTk1MDAzNzoxMjNWbGllZ251b3Ah" -H "Cookie: SMCHALLENGE=YES" https://myhost.mydomain.com/protected/ 

  This script runs 20 Authentications a minute; 

Why is this happening? How can we fix this? 
 

Cause:

This issue occurs because the Policy Server tries to update a field that the Novell LDAP Server hasn't replicated completely.
 

Environment:

Web Agent R12.52 SP1 CR01 on Apache 2.2 on RedHat 6.6 64 bit; 
User Store on Novell eDir LDAP 8.8.8;
 

Resolution:

Disable "Track successful logins" on the password policies to solve this issue, or tune the LDAP Server replication to cope with the load you put on the environment.