Avamar: DTLT session expires with a timeout error
Summary: A Desktop Laptop (DTLT) session expires with a timeout error due to a configuration issue.
Symptoms
A Desktop Laptop (DTLT) session reports as expired from any client, using any browser:
Your Avamar client's session has expired.
To start a new session, close your web browser and launch a request from the system tray or menu bar icon.
The DTLT trace log (/usr/local/avamar-tomcat/logs/DTLT_Trace.log) reports the following error:
2017-03-01 17:04:47,493 ERROR [ajp-bio-8109-exec-3]-actions.DTLTTopLevelAction: Unexpected login exception
javax.security.auth.login.LoginException: adc-XXXX.domain.com: Name or service not known
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
..
2017-03-01 17:20:15,959 ERROR [ajp-bio-8109-exec-6]-auth.JaasLoginModuleUserAuth: Invalid Login
javax.security.auth.login.LoginException: adc-XXXX.domain.com: Name or service not known
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Testing the Lightweight Directory Access Protocol (LDAP) login for an LDAP admin account in the Avamar UI reports the following types of errors:


Cause
- A problem with the Lightweight Directory Access Protocol (LDAP) or Kerberos version 5 (Krb5) configurations on the Avamar grid
- The file /usr/local/avamar/etc/ldap.properties is configured incorrectly
- The LDAP account was not successfully authenticated with the Avamar grid
Resolution
1. Confirm that the /usr/local/avamar/etc/ldap.properties file is configured correctly.
Sample:
ldap.url.domain.com=ldap\://abc-XXXX.domain.com\:389
ldap.qualified-name-default=domain.com
ldap.search.results.per.page=1000
mcgui.trace=true
ldap.identifier.adani.default=domain
Reference information for the LDAP configuration file can be found in the Administration Guides and Product Security Guides for the version specific to the environment.
2. Ensure that the LDAP server can be pinged from the Avamar grid and vice versa.
3. Ensure that telnet to both the LDAP server and Avamar grid on port 389 is working.
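Steps 1 to 3 can be checked in one pass. The script below is an added example, not code from this article or from Dell: it reads the ldap.url.* entries from ldap.properties, undoes the \: escaping, and for each server checks name resolution (the failure logged as "Name or service not known") and a TCP connection to the LDAP port. It assumes getent and nc are installed (nc stands in for the interactive telnet test); the function names and the second sample host are constructed.

```shell
#!/bin/sh
# Added example (not Dell/Avamar code). Handles key=value lines as in the sample.

# Print "host port" for each ldap.url.* entry in file $1 (or stdin).
# Java properties escape ':' as '\:', so that is undone before splitting.
ldap_endpoints() {
    cat "${1:--}" | tr -d '\r' |
    sed -n 's/^[[:space:]]*ldap\.url\.[^=]*=[[:space:]]*//p' | sed 's/\\:/:/g' |
    while IFS= read -r url; do
        scheme=${url%%://*}; rest=${url#*://}
        hostport=${rest%%/*}; host=${hostport%%:*}
        case $hostport in
            *:*) port=${hostport##*:} ;;
            *)   if [ "$scheme" = ldaps ]; then port=636; else port=389; fi ;;
        esac
        printf '%s %s\n' "$host" "$port"
    done
}

# DNS lookup, then TCP connect. nc replaces the telnet test (assumed installed).
check_endpoint() {
    if ! getent hosts "$1" >/dev/null 2>&1; then
        echo "FAIL dns $1 (the 'Name or service not known' case)"; return 1
    fi
    if ! nc -z -w 5 "$1" "$2" </dev/null >/dev/null 2>&1; then
        echo "FAIL tcp $1:$2"; return 2
    fi
    echo "OK $1:$2"
}

# Constructed sample; hostnames are placeholders.
sample_properties() {
    cat <<'EOF'
ldap.url.domain.com=ldap\://abc-XXXX.domain.com\:389
ldap.qualified-name-default=domain.com
ldap.url.example.test=ldaps\://dc01.example.test
EOF
}

# With a file argument, test its endpoints; with none, just parse the sample.
if [ "$#" -ge 1 ]; then
    ldap_endpoints "$1" | while read -r h p; do check_endpoint "$h" "$p" || true; done
else
    sample_properties | ldap_endpoints
fi
```

On the Avamar grid, pass the real file as the argument, for example sh check_ldap.sh /usr/local/avamar/etc/ldap.properties (the script name is hypothetical). A "FAIL dns" line points at the grid's resolver or hosts file rather than at LDAP credentials.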
For "Authentication Fails" or any other authentication-related errors, reset the LDAP admin password within Active Directory and rerun the test.
For the "Clock Skew too great" error, see Avamar: How to configure NTP on an Avamar multinode grid using the asktime utility.
If issues persist, create a Swarm with the Avamar SER team for assistance.
Additional Information
LDAP configuration errors are listed in the Avamar Administration Guide (a sample from v7.3 below):
