Tuesday, September 9, 2014

WebSphere Portal 7. com.ibm.websphere.security.auth.WSLoginFailedException. Problems with LTPA token on cluster.

While operating a WebSphere Portal 7 cluster we encountered the following problems:
  • The exception is com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type 
  • The exception is com.ibm.websphere.security.auth.WSLoginFailedException: Token expiration Date.


This exception occurred when we tried to validate the incoming LTPA token from the HTTP request.
Here is how it looks in the code:

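    // Convert the LtpaToken2 cookie string (LTPA_TOKEN) into raw token bytes
    byte[] cookieBytes = com.ibm.websphere.security.WSSecurityHelper.convertCookieStringToBytes(LTPA_TOKEN);
    // Validate the token; this is the call that throws WSLoginFailedException
    uniqueId = com.ibm.wsspi.security.token.WSSecurityPropagationHelper.validateLTPAToken(cookieBytes);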

The call to validateLTPAToken throws the exception.
To fix the error, manually synchronize the cluster nodes:
1. Stop all nodes, servers and dmgrs.
2. Start the dmgr.
3. Run the command ./syncNode.sh x.xx.xxx.xxx 8879 -username xxx -password xxxxxxx
4. Start the node and servers.

Please refer to the Infocenter for reference.

One more thing: if you have two different portal clusters on the same domain, it can cause you trouble.
Here is the scenario:
1) You log in to the first portal. The LtpaToken2 cookie is created on the domain.
2) You log in to the second portal. An LtpaToken2 cookie is created there as well, so your subsequent requests carry two LtpaToken2 cookies.

If you cannot alter the portal settings, then alter your LTPA token validation code: extract every occurrence of LtpaToken2 from the request and validate them all.
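
One way to implement the "validate them all" approach, as an added example that is not code from the original post. The names LtpaCookieCheck, TokenValidator, cookieValues and firstValidUniqueId are hypothetical; on WebSphere the validator would wrap the convertCookieStringToBytes and validateLTPAToken calls shown earlier, while here a constructed Cookie header and a stand-in validator let it run without WebSphere.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

public class LtpaCookieCheck {
    // Hypothetical hook: on WebSphere, implement it with the convertCookieStringToBytes and
    // validateLTPAToken calls from the post and let WSLoginFailedException propagate.
    interface TokenValidator { String validate(String cookieValue) throws Exception; }

    // Returns the value of EVERY cookie called `name` in a raw Cookie header, in order.
    static List<String> cookieValues(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('='); // first '=' only, so base64 padding stays in the value
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    // Tries each LtpaToken2 in turn and returns the unique ID of the first one that validates.
    static Optional<String> firstValidUniqueId(String cookieHeader, TokenValidator validator) {
        for (String value : cookieValues(cookieHeader, "LtpaToken2")) {
            try {
                String uniqueId = validator.validate(value);
                if (uniqueId != null) return Optional.of(uniqueId);
            } catch (Exception e) {
                // Expected for the other cluster's token (different LTPA keys): move on to the
                // next cookie, and keep token values out of the logs.
            }
        }
        return Optional.empty(); // fail closed: no LtpaToken2 validated, treat as unauthenticated
    }

    public static void main(String[] args) {
        // Constructed sample header: two LtpaToken2 cookies, as in the two-portal scenario.
        String header = "JSESSIONID=0000abc; LtpaToken2=dG9rZW4tQQ==; LtpaToken2=dG9rZW4tQg==";
        // Constructed stand-in validator: accepts only the second token, rejects the first.
        TokenValidator stub = v -> {
            if (v.equals("dG9rZW4tQg==")) return "constructed-unique-id";
            throw new IllegalStateException("invalid keys or token type");
        };
        System.out.println(firstValidUniqueId(header, stub).orElse("no valid LtpaToken2"));
    }
}
```

In a servlet, the same loop can run over request.getCookies(), which also returns both cookies when the name is duplicated.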
