This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
SubramanyamPedd
New Contributor
New Contributor
‎2019-02-13 01:04 PM

I am seeing the message "Primary connection pool for "slot-0-user" failed" in the system log monitor. End users are not able to authenticate. The end users are in an external AD identity source.

Messages

"Primary connection pool for "slot-0-user" failed"

"Failed to connect to Identity source".

I am seeing the above messages in the system log monitor.

 

When they show none of the end users were able to authenticate to Authentication Manager.

What might be the reason and how to fix it.

Labels (1)
0 Likes
Reply
2 Replies
EdwardDavis
Employee
Employee
‎2019-02-13 01:38 PM

LDAP connection(s) for external identity source is/are bad.

 

 

Check Primary operations console, deployment config, identity sources, manage existing

check the connections to ldap, because one or more of them is broken.

 

-either the password for the account used to connect needs to be changed/updated

   or

-if using ldaps, there may be a certificate problem (expired, or wrong certificate)

   or

-something else, need to check further (network issue, dns issue...normal network/server troubleshooting steps)

 

***TIP: if this is about the password for the account used to connect, and you change it, it will start to work but also there may be some stale ldap connections attempting to use the old password which is still cached in the ldap pool, and the logs will continue show these failed attempts. To clear these immediately, you can bump the server.

Reply
SubramanyamPedd
New Contributor
New Contributor
In response to EdwardDavis
‎2019-02-13 01:50 PM

Hi Ed,

AD service account is good. The SSL certificate is still valid and didn’t expire.

When we ran ldapsearch command from command line it was working fine.

 

These errors are happening intermittently.

I also saw the “Primary connection Pool for “slot-0-user” restored” after the failures.

Soon after that the restored message, I saw “Primary connection Pool for “slot-0-user” failed message again.

 

I went and tested on the replica Operations console and it was fine with no issues.

To resolve this issue now, we rebooted the primary server.

 

I think there might be a bug or something here. Our Authentication Manager version is 8.3 P02.

 

Regards

Subbu Peddibhotla

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.