Support Center > Search Results > SecureKnowledge Details
Identity Awareness Agent disconnects with no apparent reason after some time of operation when Kerberos SSO is defined
Symptoms
  • Identity Awareness Agent disconnects with no apparent reason after some time of operation when Kerberos SSO is defined, but Kerberos authentication fails (or not working).

  • SmartView Tracker logs show:
    "A secondary session request was received from the same IP. This caused logout of the current session"
    However, there are no duplicate IP addresses.

  • Enabling "Assume that only one user is connected per computer" does not resolve issue (Identity Awareness gateway properties - go to "Identity Awareness" pane - check the box "Active Directory Query" - click on "Settings..." button).

  • Connection status shows on the Identity Agent:
    Machine Identity: Not Detected

  • Debug of PDPD daemon on the Identity Awareness gateway ('pdp debug set all all') shows Kerberos errors:

    [ PID ...]@HostName[Date Time]  [AUTH (TD::Events)] pdp::AuthMngr::GetAuthenticator: Get Kerberos Authenticator.
    [ PID ...]@HostName[Date Time]  [AUTH (TD::Events)] pdp::KerberosAuthenticator::BuildAuthData: KerberosAuthenticator::BuildAuthData: (
    	:accountName (<UserName>)
    	:Type (1)
    	:kerberosMessage ("(KerberosMessage
    	:token (...)
    	:principal ('ckp_pdp/<domain_name>@<DOMAIN_NAME>')
    	:flag (2)
    )
    ")
    	:principleName ("ckp_pdp/<domain_name>@<DOMAIN_NAME>")
    	:AdditionalInformation (...)
    )
    
    [ PID ...]@HostName[Date Time] SpNegoToken::BDecContent ERROR - SEQUENCE is missing non-optional elmt. offset = 16
    [ PID ...]@HostName[Date Time] SpNegoToken::BDec: attempt to decoded Content failed
    
                    
            
Solution
Note: To view this solution you need to Sign In .