|Applies To||Access Manager 6.0.4|
|Issue||Aservers are occasionally unable to decrypt tokens from other aservers.|
The IWA authentication method loops continually without sending the authenticated user to the protected page.
The aserver logs show the following error message directly associated with each IWA authentication failure:
sequence_number=5943,remote_client=aserver1,2009-02-03 15:59:52:344 GMT+00:00,messageID=6,client_ip_address=192.168.0.1,client_port=38547,result_code=0,result_action=User Token Failed,result_reason=Token error
|Cause||This problem may occur if one of the keyservers is unable to communicate all its keys with other keyservers in the keyserver list. In this instance, the customer's cleartrust.keyserver.local_id parameter referred incorrectly to a keyserver on a second physical machine that already had a keyserver.|
Check to ensure that there are no typos in the keyserver.conf files. Specifically, check to ensure that each keyserver has a unique name defined for
and that the host name defined in the parameter refers to the physical machine where the keyserver resides.
|Workaround||New installation and configuration problem is suspected.|
|Notes||The presence of Token errors in the log file does not necessarily indicate a problem. Only in new installations where a configuration error is suspected are Token errors usually significant.|
|Legacy Article ID||a44484|
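
To see which aservers are logging the token error described above, the log entries can be grouped by remote_client. The following is an added example, not part of the original article or the product: it assumes the log is comma-separated key=value fields with one bare timestamp field, as in the quoted entry, and the sample lines after the first are constructed.

```python
from collections import Counter

# Constructed sample input. The first line is the entry quoted in the article;
# the rest are made-up variations (the non-failure action value is a placeholder).
SAMPLE_LOG = """\
sequence_number=5943,remote_client=aserver1,2009-02-03 15:59:52:344 GMT+00:00,messageID=6,client_ip_address=192.168.0.1,client_port=38547,result_code=0,result_action=User Token Failed,result_reason=Token error
sequence_number=5944,remote_client=aserver2,2009-02-03 15:59:53:101 GMT+00:00,messageID=6,client_ip_address=192.168.0.2,client_port=38601,result_code=0,result_action=Example Other Action,result_reason=Example
sequence_number=5945,remote_client=aserver1,2009-02-03 15:59:54:010 GMT+00:00,messageID=6,client_ip_address=192.168.0.1,client_port=38549,result_code=0,result_action=User Token Failed,result_reason=Token error
sequence_number=5946,remote_client=aserver2,2009-02-03 15:59:55:777 GMT+00:00,messageID=6,client_ip_address=192.168.0.2,client_port=38603,result_code=0,result_action=User Token Failed,result_reason=Token error
not a log line
"""


def parse_line(line):
    """Parse one comma-separated aserver log line into a dict.

    Fields are key=value except the timestamp, which has no key and is
    stored under the assumed name 'timestamp'.
    """
    record = {}
    for field in line.strip().split(","):
        key, sep, value = field.partition("=")
        if sep:
            record[key.strip()] = value.strip()
        elif field.strip():
            record["timestamp"] = field.strip()
    return record


def token_failures(lines):
    """Yield parsed records whose action and reason match the article's error."""
    for line in lines:
        rec = parse_line(line)
        if (rec.get("result_action") == "User Token Failed"
                and rec.get("result_reason") == "Token error"):
            yield rec


def failures_by_client(lines):
    """Count token failures per remote_client so a one-sided pattern stands out."""
    return Counter(r.get("remote_client", "unknown") for r in token_failures(lines))


if __name__ == "__main__":
    for client, count in failures_by_client(SAMPLE_LOG.splitlines()).most_common():
        print(f"{client}: {count} token failure(s)")
```

As the Notes row says, a nonzero count is not by itself a sign of a problem; the per-client breakdown only helps decide which keyserver.conf to check first.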