KB-2049 "Invalid Security Token" reported in service manager log


In the service_manager.log file located in <APPIAN_HOME>/logs/, the following warning is present:

com.appian.komodo.gateway.handler.codec.SecurityTokenDecoder - Invalid Security Token.


There are two potential causes that could result in this warning message:

  1. This issue can be caused by the circumstances outlined in KB-1823 where the appian.sec security token located in <APPIAN_HOME>/conf is missing, or has been altered.
  2. This warning can appear when a port scanner, or some other process connects to the Appian engine ports. The warning appears because the scanner or process connecting to the port does not have or does not send a valid security token at the beginning of its connection. 

Note: For the 2nd cause listed above, the invalid security token warning message can be disregarded. The following documentation provides additional details about the security token.


To address issues with the security token being modified or deleted, follow the procedures outlined in KB-1823 to either copy the security token from a backup directory, or to generate a new security token.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: January 2020