SiteMinder r12.52 sp2 on Windows 2012 R2.
I have a user directory in the AD namespace that was working fine, but the directory definition only encompasses the US domain. Customer requested that I create a new user directory definition that can access the AD Global Catalog. I set up a separate user directory definition in the AD namespace. I'm able to view records in this new directory which, like the original user directory, uses sAMAccountName as the universal ID.
I redefined my policy domains to use the new directory and restarted policy servers and login servers. My test domain is on the login server, but access fails with this error in smps.log:
[4700/4384][Mon Feb 22 2016 15:03:37][SmAuthUser.cpp:692][ERROR][sm-Server-02740] [SM-APS-00117] User is neither NT nor LDAP!!!
I tried Option 2 from the link above to disable APS, but the error still occurs. And, when I reverted all my policy domains back to the original directory definition which had been working, I'm still getting the error even though I restarted all servers. So, CA SSO is out of commission until this is resolved.
Any idea what's going on?