search cancel

Error# '85' during search: 'error: Timed out' when searching role from sharepoint people picker only when it reaches 95000 and above


Article ID: 76232


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are getting timeout error while searching through Sharepoint people picker only when users in a given role are more than 95,000 users Role "givenName" 

There are 99,000 Users in the Role "givenName" 

[12396/23006][Mon Sep 04 2017 11:24:50][SmDsLdapConnMgr.cpp:1231][ERROR][sm-Ldap-02230] Error# '85' during search: 'error: Timed out' Search Query = '(&(|(objectclass=organizationalPerson)(objectclass=inetOrgPerson)(objectclass=organization)(objectclass=organizationalUnit)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=group)(objectclass=organizationalperson)(objectclass=inetorgperson)(objectclass=IDMPerson)(objectclass=groupOfUniqueNames)(objectclass=IDMGroup)(objectclass=organizationalUnit)(objectclass=eTGlobalUser)(objectclass=eTGlobalGroup)(objectclass=organizationalperson)(objectclass=inetorgperson)(objectclass=IDMPerson)(objectclass=groupOfUniqueNames)(objectclass=organizationalUnit))(AssignedRoles=givenName))' 

It was observed that when user count is 90000, the error was not reported but when it reached to 95000, we are observing above error 


Search Timeout needs to be increased in Policy Server configuration


CA Siteminder Policy Server Product Name=CA Single Sign-On Policy Server Full Version=12.52 SP1 CR06 
CA SharePoint Agent Product Name=CA SiteMinder Agent for SharePoint Full Version=12.52 SP1 CR04.


Please add new registry variable " SearchTimeout " to increase search timeout in Policy server. 

Under this registry path 

Right click on " LdapSessionServer " -> New -> DWORD (32 bit) value this will create a variable and " rename " as below.


- Set the value of 40 (in seconds) 

This " SearchTimeout " registry change should take effect automatically. However, if issue persists after making above registry changes, please plan a policy server restart.