4 Replies Latest reply on Apr 23, 2014 10:04 AM by David Archbold

    BladeLogic Console 8.5 unexpected session time out

    David Archbold

      Hello all, we recently updated our BladeLogic environment from 8.2 to 8.5 patch 1.  The upgrade went smoothly, but it seems as though the BladeLogic Console app is expiring our sessions sooner than expected and configured.


      In the BladeLogic app server admin we have the following parameters set:


      AuthServer SessionCredentialLifetime = 28800 (this is in seconds, correct? our intent is to expire a session every 8 hours in dev)

      AppServer IdleConnectionPruneTime = 30 (now this is in minutes, correct?)



      What we are seeing is that the BladeLogic Console is expiring our credentials every 10 minutes, regardless of activity.   After the change was made to the SessionCredentialLifetime, the application server services were restarted completely (and the client console was closed/reopened with a fresh session).


      Is there another configuration item that we may have missed?  Any suggestions would be greatly appreciated, thanks!

        • 1. Re: BladeLogic Console 8.5 unexpected session time out
          Newton Nyante

          Correct SessionCredentialLifetime is in seconds.  We can verify the lifetime of the acquired credential as well and the AuthServer is providing the detail as expected.


          From the Console when you login ensure you select "Save credential from this session" in the "Options" area.  Then you'll be able to view details in the "Credentials" tab.


          From the commandline you can run "blcred cred -list" to list details of the currently stored credential also.

          • 2. Re: BladeLogic Console 8.5 unexpected session time out
            David Archbold


            I verified the "Save credential from this session" is checked.   I deleted the cached credentials, then reconnected and verified my session in the "Credentials" tab.   The expiration date was 10 minutes in the future....


            The buggy part though is, when I tried issuing the blcred command from the application server it returned the following error output:


            2014-04-23 08:35:49,584  WARN [main] (BlLogger.java:152) - Cannot parse the session credential cache.

            The session credential cache is empty


            Looks like something may have been corrupted during the upgrade?  We are using Active Directory domain authentication, does this have an impact on if/how those sessions are stored on the server? 

            • 3. Re: BladeLogic Console 8.5 unexpected session time out
              Bill Robinson

              On the appserver, had you run blcred to get creds ?  if you didn’t there’s not going to be a cached credential..


              What is the ‘maximumsessioncredentiallifetime’ set to in blasadmin ?

              • 4. Re: BladeLogic Console 8.5 unexpected session time out
                David Archbold

                Bill - yep that was it.  I missed that option, I saw "SessionCredentialLifetime", but not "MaximumSessionCredentialLifetime".  It was at 10 (surprise!) and I set it to 480.   When I reconnected and checked the session expiration it was indeed set correctly.


                So that's good to know it was just a config setting, but can you clarify exactly what the difference between those two options are?   The wording on the help text from blasadmin isn't clear to me:


                MaximumSessionCredentialLifetime - Maximum validity period of single sign-on session credentials. Once this timeout is reached a session credential can no longer be refreshed.


                SessionCredentialLifetime - Validity period of single sign-on session credentials. Default value is 600.


                Essentially I want an 8-hour expiration on the client sessions.  I had previously set "SessionCredentialLifetime" to 28800, but should that remain the default value of 600 and I just adjust "MaximumSessionCredentialLifetime" or do they both need to be set together, etc?