Known Error Database
8 entriesKE-0001low risk writeiamKeycloak account lockout — brute-force or stale session
93% confidenceRollback capable
KE-0001low risk writeiam
Keycloak account lockout — brute-force or stale session
93% confidenceRollback capable
Symptoms
account lockedlocked outfailed loginfailed attemptsbrute-forcecannot log inauthentication failureSSOrealmkeycloak
Resolution
1. Review login events: Keycloak Admin Console → Events → Login Events, filter by user and 'LOGIN_ERROR'. 2. Check brute-force status: kcadm.sh get attack-detection/brute-force/users/$USER_ID -r $REALM 3. Unlock account: kcadm.sh update users/$USER_ID -r $REALM -s enabled=true 4. If external IP — enable realm brute-force detection policy, force password reset via kcadm.sh set-password -r $REALM --username $USER --new-password $TEMP_PASS --temporary 5. Clear active sessions: kcadm.sh delete users/$USER_ID/sessions -r $REALM
KE-0002low risk writewindows_serverIIS app pool 503 after patch tuesday
88% confidenceRollback capable
KE-0002low risk writewindows_server
IIS app pool 503 after patch tuesday
88% confidenceRollback capable
Symptoms
503 service unavailableapp pool stoppediis
Resolution
Recycle the impacted application pool. If recycle fails, restart W3SVC. Validate health endpoint.
KE-0003low risk writeinfrastructurePostgreSQL / Linux disk full — WAL archiving stuck
95% confidenceRollback capable
KE-0003low risk writeinfrastructure
PostgreSQL / Linux disk full — WAL archiving stuck
95% confidenceRollback capable
Symptoms
disk fullno space leftWALqueries timing outdatadircapacitypostgresarchiving stuckprod-db
Resolution
1. Identify largest consumers: du -sh /var/lib/postgresql/*/main/pg_wal/ | sort -rh | head -5 2. If WAL archiving stuck: Check archive_command status, restart walreceiver. 3. Emergency space: SELECT pg_switch_wal(); then archive manually. 4. Prune: pg_archivecleanup /var/lib/postgresql/pg_wal <oldest_needed_wal> 5. If still > 90%: Add volume via LVM extend or move pg_wal to dedicated mount. 6. Validate: SELECT pg_is_in_recovery(); check replication lag.
KE-0004high risk writedatabaseDB connection pool exhausted
82% confidenceNo rollback
KE-0004high risk writedatabase
DB connection pool exhausted
82% confidenceNo rollback
Symptoms
too many connectionsconnection refusedpool exhausted
Resolution
Identify long-running transactions (pg_stat_activity); kill idle-in-transaction over 10m; raise pool to runbook ceiling only with DBA approval.
KE-0005low risk writeservice_fulfilmentNew starter onboarding — standard provisioning checklist
97% confidenceRollback capable
KE-0005low risk writeservice_fulfilment
New starter onboarding — standard provisioning checklist
97% confidenceRollback capable
Symptoms
new starteronboardinglaptop setupnew hireprovisioningjoiningstarter laptopdev imagebuilding access
Resolution
1. Create AD account with standard naming ($first.$last). 2. Assign laptop from inventory — image with standard SOE + role-specific apps. 3. Provision: GitHub org invite, Slack channels (per team), VPN profile (Cisco AnyConnect). 4. Request building access badge — submit to Facilities via ServiceNow RITM. 5. Send welcome email with Day-1 checklist, Wi-Fi SSID, IT contact. 6. Schedule 30-min IT orientation for first morning.
KE-0006read onlynetworkVPN disconnection — Cisco AnyConnect drops periodically
89% confidenceRollback capable
KE-0006read onlynetwork
VPN disconnection — Cisco AnyConnect drops periodically
89% confidenceRollback capable
Symptoms
vpn disconnectanyconnectdropsVPNdisconnects randomlyconnection drops
Resolution
1. Check AnyConnect client version — upgrade to latest stable if < 4.10. 2. Disable 'Allow local LAN access' if split-tunnel conflicts. 3. Set MTU to 1406: Preferences > VPN > Transport > MTU. 4. If on Wi-Fi: Switch to 5GHz band, disable power-saving for adapter. 5. Server-side: Check DTLS, ensure headend has sufficient license seats.
KE-0007high risk writeiamService account token expired — automated integration failing
91% confidenceNo rollback
KE-0007high risk writeiam
Service account token expired — automated integration failing
91% confidenceNo rollback
Symptoms
token expired401 unauthorizedservice accountintegration failingAPI key expiredclient_credentials failedtoken refresh failed
Resolution
1. Identify the service account (client_id) from error logs. 2. Check Keycloak Admin → Clients → <client> → Credentials tab for expiry. 3. Rotate client secret: iam_rotate_client_secret tool or KC Admin UI. 4. Update secret in consuming application's vault/config. 5. Verify: curl token endpoint with new credentials. 6. If using short-lived tokens: check token lifespan settings in KC realm.
KE-0008high risk writeiamUnauthorized access report — suspicious login from unknown location
87% confidenceRollback capable
KE-0008high risk writeiam
Unauthorized access report — suspicious login from unknown location
87% confidenceRollback capable
Symptoms
unauthorized accesssuspicious loginunknown IPimpossible travelcompromised accountlogin from foreign countryunusual location
Resolution
1. Pull login events: iam_get_login_events for the user (last 50). 2. Identify anomalous source IPs — cross-reference with known VPN/office ranges. 3. If confirmed unauthorized: iam_disable_user immediately. 4. Revoke all sessions: iam_revoke_sessions. 5. Force password reset: iam_reset_password (OOB email to verified address). 6. Check for lateral movement: review admin-events for role/group changes. 7. File security incident, escalate to SOC if data exfiltration suspected.