It's all about the answers!

Ask a question

SECJ0371W: Validation of the LTPA token failed because the token expired with the following info.


Qaiser Islam (31276570) | asked Feb 26 '13, 12:46 p.m.
hi,

i am keep getting this error in systemout.log. RTC/RRC 4.0.1, WAS 8.0.0.5 and DB2 9.7

SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Tue Feb 26 17:14:00 AST 2013, current Date: Tue Feb 26 17:14:00 AST 2013.

Thanks,
Qaiser


Comments
Bo Chulindra commented Feb 27 '13, 9:30 a.m.
JAZZ DEVELOPER

Are all your clocks synchronized?


Qaiser Islam commented Feb 27 '13, 9:50 a.m.

there is 4 min difference between App server and db..


Ralph Schoon commented Feb 27 '13, 10:56 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

You should switch the time synchronization on as described in the installation manual. See: http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0/topic/com.ibm.jazz.install.doc/topics/t_s_server_installation_setup_wizard.html look for NTP.

You probably see this in the diagnostics:

CRJAZ2108W An NTP server is not configured to use for system clock verification. If unsynchronized clocks are on different application servers, problems might occur. To configure the NTP server to be used to verify the accuracy of the system clock, go to the Advanced Properties page, and for the NTP Server Address property, enter the address of an NTP server. To disable this diagnostic, click Disable.


Accepted answer


permanent link
Bo Chulindra (1.3k2718) | answered Feb 27 '13, 11:24 a.m.
JAZZ DEVELOPER
See investigate solution for excessive LTPA logging on WAS (238990) for some information on possible causes and solutions.
Qaiser Islam selected this answer as the correct answer

2 other answers



permanent link
Ralph Schoon (61.5k33643) | answered Feb 26 '13, 3:44 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
 LTPA Token are used between IHS and WAS for SSO. This happened in a case where performance testing ran longer than the timeout. What is your use case? You can change the timeout. However, I guess there is another issue. 

Comments
Qaiser Islam commented Feb 27 '13, 5:25 a.m.

no i am not running any performance tests. i deployed RTC/RRC 4.0.1 on WAS 8.0.0.5 with LDAP authentication. is it because of some issue with LDAP integration? when i look at the log, the first entry i see is related to ldap connection followed by this error. although i am not facing any LDAP integration issue, users are able to login with their AD ids and nightly sync is also working fine

[2/27/13 12:55:54:730 AST] 0000003f LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server ldap://LDAPSERVER:389.
[/13 13:04:56:677 AST] 0000003f LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Wed Feb 27 13:04:00 AST 2013, current Date: Wed Feb 27 13:04:56 AST 2013.
[2/27/13 13:04:56:677 AST] 0000003f LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Wed Feb 27 13:04:00 AST 2013, current Date: Wed Feb 27 13:04:56 AST 2013.


permanent link
Thomas Dunnigan (13114126) | answered Oct 02 '13, 9:00 a.m.
All,

I have the very same issue ever since we upgraded to RTC 4.x.  My configuration is a WAS instance on one server and the Database on another server.

I have tried the solution in http://www-01.ibm.com/support/docview.wss?uid=swg21590961 with no luck.

My prior configuration was:

RTC 4.0.2 (And prior 4.x releases)
WAS 7.0.0.29 (And prior fixpacks)
DB2 9.7

I have updated my WAS configuration to:
RTC 4.0.2
WAS 8.0.0.7
DB2 9.7

It is apparent from my actions that this issue is casued by CLM/RTC and not WAS.

And the log message still occurs in 8.0.0.7,   but now with a little more information:

[10/2/13 7:12:17:352 EDT] 00000026 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Wed Oct 02 01:33:00 EDT 2013, current Date: Wed Oct 02 07:12:17 EDT 2013 Token attributes:  port=XXXX, username=user:<MYLDAPSERVER>:636/xx=XXXXXX,c=XX,xx=XXXXXXX,o=XXXX.com, hostname=<MY_RTC_SERVER>.. This warning might indicate expected behavior. Please refer to technote at http://www-01.ibm.com/support/docview.wss?uid=swg21594981.

What I have noticed is that Build user ID that is shared among several build engines across several different servers is one of the biggest culprits.

I have also noticed that this occurs with Eclipse based clients that have been up for a significant period of time, including my own.   When I noticed my own user ID showing up in the log messages above,  I shutdown my client and restarted it.  Immediatley after that I did not see this issues until several hours had passed.

I observed the same issue with the build engines' user id after shutdown and restart.  However hours later, the application server will begin to log the messages again.

Since both of these are Eclipse based,  would it be fair to assume that the application servers handling of the eclipse client is the root cause?

I have not had a significant performance hit,  but this is something I would like it resolved.



Your answer


Register or to post your answer.