How to reduce "SessionServer GetSession failed. Error code : 2" errors in SiteMinder Policy Server

Document ID : KB000054676
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

I'm using SiteMinder Policy Server version 6 SP5 and I do see a lot of errors in the smps.log:

CSmSessionServer::GetSession() - Provider::GetSession() failed. Error code : 2

When the error is present we have noticed that the user is redirected for credential even though the session has not timed out.

Solution:

The above error means "Session not found in the Session Store". If the session is not found in the session store then the policy server will not be able to validate the session and therefore the user will be redirected for credentials.

Configure session to be persistent; the persistent session is updated in the session store when you hit a protected resource (table ss_sessionspec; column LastTouch).

The WebAgent has the ability to process requests from cache instead of then the policy server. This could lead to unexpected timeouts; the session has been reached the maximum idle time and therefore it could be deleted from the session server.

In order to avoid this situation you can enable the "Validation Period" under the properties of the Persistent Realm, this will force the agent to validate against the policy server when it has exceeded the threshold defined by "Validation Period".
NOTE: the "Validation Period" should be less than the IDLE timeout of the realm.

Session validation calls perform two functions:

  1. Informing the Policy Server that a user is still active.
  2. Checking that the user's session is still valid.

Minimum requirements:

  • SiteMinder Policy Server version 6 SP5 CR03.
  • SiteMinder Web Agent version 6 QMR5 CR02.

For more reference please check SiteMinder Policy Server Design Guide, Chapter 30 "Realm Dialog Reference".