Troubleshooting
Problem
Security Access manager periodically logs HPDRG0201E error
Symptom
Security Access manager log file shows following error:
HPDRG0201E Error code 0x51 was received from the LDAP server. Error text: "Can't contact LDAP server".
Cause
This error may appear in logs if ldap server has connectivity issue over the network, or ldap client request does time out or ldap server is down.
Diagnosing The Problem
Below are recommendations to diagnose the problem:
(1) Verify the ldap server logs to make sure directory server was running when error occurred
(2) Enable auditing on directory server to verify if ldap request received from the Security Access manager when error occurred. If you have configured replica ldap servers in Security Access manager configuration then Security Access manager sends request to replica ldap server if initial request on master ldap server fails and logs error.
(3) Verify the connection-inactivity value set in ldap.conf
Resolving The Problem
Specify a (non-zero) value for 'connection-inactivity' that is lower than any other inactivity timeout on devices between Security Access manager and the directory servers (e.g. firewalls, load balancers, the LDAP servers, etc). The default value is 0 which indicates that the connection to the directory server does not time out. Security Access manager may use the stale connection if existing connection is terminated by directory server or any devices over the network and logs error.
This is configured in the [ldap] stanza of the client's configuration file (ldap.conf).
For example:
[ldap]
connection-inactivity = 240
Related Information
Product Synonym
ISAM;ITAM
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21992182