I will first explain in general the reason "A secondary session request was received ..." :
Most of our identities are saved one per IP - which means, if I will be associated to IP 192.168.1.100, and your user will be associated also one hour after with same IP - the following will happen:
- my username (the "old one" on this IP) will be overwritten with your username.
- a log message will be sent to the SmartLog - A secondary session request was received
This is how the product works by design.
The SK you have mentioned tries to explain this message with the most frequent scenario which cause it - service accounts, which Identity Collector and AD Query really sensitive for them.
Now, we will need to understand what is the flow which happens in your environment which cause this error to be presented.
As for the errors in fwk, basically what they mean, without reading the full debug, is that there is a mismatch in IDA tables on the enforcement side. As this is cluster environment, I would recommend applying sk170516.
As for the support ticket handling, I will appreciate if you could provide me with the ticket number and I will check it with TAC guys to understand the delay.
Group manager, Identity Awareness R&D