|Applies To||RSA ClearTrust Agent 4.0 for Lotus Domino R5|
IBM AIX 4.3.3
|Issue||Error: "[ct_int_handle_status] - Critical error: CT_SERVER_TIMED_OUT" appears in agent log for RSA ClearTrust Agent 4.0 for Lotus Domino R5 when user accesses protected resource after no users access Lotus Domino for a long time|
TCP Packet out of state. First packet isn't SYN message on firewall log.
|Cause||The issue occurs because there is a firewall between the Lotus Domino server and the RSA ClearTrust Authorization Server (AServer) that was configured to drop TCP connection after a period of time if no activity is seen. When this occurs, the ClearTrust Agent is unable to recover.|
|Resolution||This issue is corrected in hot fix 4.0.0.02 for RSA ClearTrust Agent 4.0 for Lotus Domino R5. Contact RSA Security Customer Support to obtain this hot fix, or the latest hot fix level (which is cumulative, and contains fixes from previous fix levels).|
NOTE: After installing the hot fix, the ClearTrust Agent will recover from the firewall disconnection and is likely to log the following type of message in the Domino console log:
<Critical> - [ct_get_map_from_session] - Invalid server address
This should be considered correct behavior for the recovery and is an expected message.
|Legacy Article ID||a26853|