07 Oct 2015 10:51:34,869 1444229494782 ERROR [ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)' - Client : Internal, Identity not found for certificate: com.rsa.keymanager.core.identity.DefaultCertificate@1f35ae13
07 Oct 2015 10:51:34,869 1444229494782 ERROR [ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)' - Client : Internal, Error during transaction: com.rsa.keymanager.server.access.error.DefaultShampooAuthenticationErrorHandler

• a required client has not been configured correctly (either Identity not configured correctly or the client has been configured with the wrong digital certificate), or
• an old/unrequired client has been left running and is still trying to connect but its identity has been deleted from DPM server/appliance, or
• a fraudulent client is trying to connect, or
• a DPM node has been removed from the cluster, but is still running/operational and clients are still sending to it (the errors appear in the old node's log) 

1. Identify the DPM client that is affected by this problem.
   • Usually the IP address of the client is logged with the event message. If it is not shown (as in the above example messages) you should be able to adjust logging options in DPM's Application Server (Weblogic/Websphere/Tomcat) to include the client IP address with the logged event message. Alternatively, you could try to correlate the Application Server event messages to events in the Web Server (httpd/IIS/IHS) access log to determine IP address of the client
2. When you have identified the client with this problem, take appropriate action depending on the reason for the issue:

• If the client is not entitled to connect to DPM, take appropriate steps to disable or block the client.
• If the client is entitled to connect to DPM, check if an Identity has been configured for it on DPM server/appliance. If no identity has been configured, then create one and load the client's digital certificate into it.  If there is already an Identity configured for the client, check the digital certificates configured in the Identity and the client to determine which is the correct (unexpired) one to use, then either change the client's configuration to use the same certificate as is configured for the Identity, or update the Identity by uploading into it the digital certificate that is configured in the client.
• If the client is connecting to an old DPM node, shutdown that node, and/or adjust load balancer or client configuration to ensure the client only attempts to connect to live DPM node(s) in the cluster.