Overview
A customer recently experienced an issue with their internal DNS servers. The issue prevented the policy servers from staying connected to the policy, key, and session stores. Additionally, the policy servers were unable to create new user sessions in the session store and were unable to create new keys or retrieve keys from the key store.
In their configuration, the customer was using fully qualified server names in the IP address field for the policy store, key store, and session store. When the policy servers were unable to resolve the server names for these stores, authentications began to fail. The problem was not persistent, but it worsened throughout the day.
Use IP addresses for the data stores
The solution to their issue was an easy one: use IP addresses instead of server names. To do so, open the SiteMinder console and replace the server names with the appropriate IP addresses.
If you have more than one server to list, separate the entries with a space. The following is an example of using more than one server for high availability (HA):
- 10.0.1.6:989 10.0.1.7:9989
To enact the described changes, complete the modifications and restart the policy server.
Wrap Up
As always, we hope that you have found this information useful. If you need IAM assistance, reach out to SIS today and we would be happy to assist you. And subscribe to our newsletter to be notified about the posting of future articles and other SIS news.
