Try changing connection-inactivity in ldap.conf on your policy server.
You may have to play a bit with the timing, but this should fix your problem. I would not recommend using advanced tuning unless it's directed by support via a case.
# The following parameter specifies the connection inactivity time, in seconds,
# after which an unused connection to the LDAP server will be taken down.
# A value of zero (0) indicates that inactivity will not be tracked
# and the connection will remain established (permanent).
# The default is zero (0) meaning connections are permanent.
connection-inactivity = 20
------------------------------
Robert Graham
Cloud Security Consultant
IBM
(330) 314-5946
------------------------------
Original Message:
Sent: Sun October 06, 2019 04:24 PM
From: Jahanzaib Sarwar
Subject: ISAM Error: HPDIA0114E Could not acquire a client credential.
Respected fellows,
We have ISAM 9.0.7 configured with two ADs as Federated Directories for authentication. The users are imported into ISAM using the user principal name, which is unique amongst the ADs. Basic user support is disabled so that only imported users are allowed to authenticate.
We are facing an authentication issue in this setup. When an AD user attempts to log in after a long gap, WebSEAL throws the following error:
HPDIA0114E Could not acquire a client credential.
However, on the retry, the user is logged in successfully. This does not happen for the local user, only for the AD user.
What could be the problem, as it does not happen all the time, only when there has been no authentication attempt on WebSEAL for a little longer? The issue does not occur in subsequent authentication requests.
Hope to hear,
Best regards,
------------------------------
Jahanzaib Sarwar
------------------------------
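An added example, not part of either message above: a short Python check of whether HPDIA0114E failures line up with idle periods and succeed on retry, which also gives a starting point for the connection-inactivity timing. The log format, event names, user names and the 0.5 margin are assumptions made for the illustration; real WebSEAL logs need their own parser.

```python
from datetime import datetime

# Constructed sample in a simplified, hypothetical "timestamp event user"
# format. This is not the real WebSEAL log layout.
SAMPLE_LOG = """\
2019-10-06T09:00:05 AUTH_OK alice@ad1.example
2019-10-06T09:00:40 AUTH_OK bob@ad2.example
2019-10-06T09:31:10 HPDIA0114E carol@ad1.example
2019-10-06T09:31:18 AUTH_OK carol@ad1.example
2019-10-06T09:32:00 AUTH_OK alice@ad1.example
2019-10-06T11:02:30 HPDIA0114E bob@ad2.example
2019-10-06T11:02:41 AUTH_OK bob@ad2.example
"""


def parse(log):
    """Yield (timestamp, event, user) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, event, user = line.split()
            yield datetime.fromisoformat(ts), event, user


def idle_failures(log, retry_window=60):
    """For each HPDIA0114E, return (idle_seconds, user, retry_ok).

    idle_seconds is the gap since the previous authentication event of any
    user (None if the failure is the first event); retry_ok is True when the
    same user authenticates successfully within retry_window seconds.
    """
    events = list(parse(log))
    found = []
    for i, (ts, event, user) in enumerate(events):
        if event != "HPDIA0114E":
            continue
        idle = (ts - events[i - 1][0]).total_seconds() if i else None
        retry_ok = any(
            e == "AUTH_OK" and u == user
            and (t - ts).total_seconds() <= retry_window
            for t, e, u in events[i + 1:]
        )
        found.append((idle, user, retry_ok))
    return found


def suggest_inactivity(log, margin=0.5):
    """Heuristic starting value in seconds: a fraction of the shortest idle
    gap that preceded a failure-then-successful-retry. Returns None when no
    such failure exists; do not map None to 0, since 0 means permanent."""
    gaps = [idle for idle, _, ok in idle_failures(log) if ok and idle]
    return int(min(gaps) * margin) if gaps else None
```

The shortest gap seen before a failure is only an upper bound on whatever is dropping the idle connection, so the suggested value is a place to start tuning from, not a final setting.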