After implementing Single Sign On, users are getting intermittent errors: Unable to Communicate to the PPM server.

Document ID : KB000005217
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

After implementing Single Sign On, users are intermittently getting popup errors, stating (see Figure 1.):

"Unable to Communicate to the PPM server. Please try again and if the problem persists contact your system administrator."

 

Figure 1.

Capture2.JPG

Environment:
All CA PPM Supported environments using Single Sign On with a Load Balancer front end and/or an Apache Reverse Proxy server.
Cause:

CA PPM will trap on underlying http status codes that are unexpected (for example: "0") instead of the usual codes of "200", "302", etc...

If there is a network disconnect or SSO timeout, or other connection interruption between the client and the server, the web browser will throw an XHR exception with an http status code of "0".

The popup will then display to the user.  This is to let the user know that something went wrong and to try again.

To address the issue, reference the <CAPPM_HOME>/logs/app-ca.log at the time the user received the popup.

An error will appear with the username of the user that saw the issue:

OnError called--Client Side Exception

java.lang.Exception: VXMLRequest failed.  HTTP status code was: 0

 

One common cause can be Load Balancer (for example: F5 Networks load balancer) or Apache Web Server - Reverse Proxy server in front of the PPM application server.

Configuration here can cause connections to timeout or become interrupted.

Resolution:

CA Support cannot assist with tuning Load Balancers and Reverse Proxy servers.

However, the following two items can resolve the issue for our On Premise customers.

1- Apache Reverse Proxy configuration file

    Tune or add KeepAliveTimeout and set to 30 seconds.  Anything smaller can result in the popup error intermittently.

2- If using an F5, implement a One Connect profile to maintain client connections 

    For example:  https://www.f5.com/pdf/deployment-guides/oneconnect-tuning-dg.pdf

    Please consult with your Load Balancer vendor support for assistance.

 If the issue still persists, please investigate the following:

3- Ensure that the CA PPM Timeout is set to "0" or is set smaller than the SSO idle session timeout.

4- Ensure the Load Balancer session persistence does not time out before the SSO or PPM idle timeouts.

5- Validate that any client side security software is not playing a role.

6- Inspect any web browser plugins and make sure they are removed for testing.