Why are we continually getting SmSessionServer Failed error code 2 and 3 in smps.log?

Document ID : KB000039430
Last Modified Date : 14/02/2018
Show Technical Document Details

Question: 

Why do we continuous receive following error messages in our smps.log?

What is the reason for following error messages?

Can they be ignored?

 

[4216/4704][Tue Mar 01 2016 14:23:38][SmSessionServer.cpp:571][ERROR][sm-Server-06007] failed. Error code : 2

[4216/4704][Tue Mar 01 2016 14:23:38][SmSSProvider.cpp:503][ERROR][sm-Server-07004] failed.Exception :

[4216/4704][Tue Mar 01 2016 14:23:38][SmSessionServer.cpp:535][ERROR][sm-Server-06007] failed. Error code : 3

 

Environment:  

Using SAML V1.0 Assertion with SiteMinder 12.52 and Federated Services 12.52 

 

Answer: 

The above error means "Session not found in the Session Store". If the session is not found in the session store then the policy server will not be able to validate the session and therefore the user will be redirected for credentials. 

If this is not happening for all users, then it is most likely that the user session was already deleted from the session store due to expiry/inactivity? 

Error 2 is when failed to Get Session from session store

Please see below transaction process:

 

1) User Logs in to a protected resource

2) User is granted an SMSESSIO cookie.

3) Session is written to the Session Store.

4) Users Session times out.

5) Session is removed from Session store.

6) User uses same browswer session to access a protected resource with the old SMSESSION cookie

7) Session from SMSESSION cookie is compared to session in Session Store.

8) Session cannot be found in Session Store

9) Error 02 "Not Found' in SMPS logs

10) User is directed to an Authentication Agent to Authenticate

11) User Authenticates

12) User is greanted access to resource again.

 

This is expected behavior and there should be nothing to fix.

 

Error 3 is when failing to update session held in session store. 

This is quite common when a user is logged into a url that does not need session store, and then later navigate to URL that does.

 

Additional Information:

Also see KB on How to reduce "SessionServer GetSession failed. Error code: 2" errors in SiteMinder Policy Server:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec478217.aspx?intcmp=searchresultclick&resultnum=2