ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Java Agent API cannot connect to policy server


Article ID: 102858


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When I port my working Java Agent code from R12 to R12.52, it generate the following error on R12.52 policy server side:

[65180/4086831984][Mon Jun 04 2018 13:30:52][CServer.cpp:2016][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3152 [65180/4086831984][Mon Jun 04 2018 13:30:52][CServer.cpp:2023][ERROR][sm-Tunnel-00030] Handshake error: Failed to receive client hello. Socket error 104
[65180/4086831984][Mon Jun 04 2018 13:30:52][CServer.cpp:2188][ERROR][sm-Server-01070] Failed handshake with

Client side log clip:
17:46:05.410 [main] SMTRACE: SmCluster, enable, Attempting to enable cluster id = 3
17:46:05.410 [main] SMTRACE: SmCluster, enable, Attempting to enable server index = 0
17:46:05.410 [main] SMTRACE: SmServer, enable, started
17:46:05.410 [main] SMTRACE: SmServer, createConnections, Attempt to create connections = 2
17:46:05.410 [main] SMINFO: SmServer, retryTimedoutConnections, Error retrying connection NO CONN
17:46:05.410 [main] SMTRACE: SmServer, createConnection, Currently have 0 connections to server.
17:46:05.410 [main] SMINFO: SmServer, createConnection, Creating a server connection, index = 0
17:46:05.410 [main] SMTRACE: SmServerConnection, init, Attempt to init connection
17:46:05.410 [main] SMTRACE: SmAgentTcpTransport, newInstance, Using SmAgentTcpTransport class
17:46:08.411 [main] SMTRACE: SmAgentTliSession, setup, Initiating TLI handshake
17:46:08.411 [main] SMTRACE: SmConfigAttribute, decrypt, Attempting to decrypt input = {RC2}lv5HPIIpFRvODEg+VU1ocFfnI4jzwmFPtQ5B87lOaW5dgaX+nFZ+JYyRs0MaBskqFKBet6bWi326pbmm8s0nkCTsb+kNRvDvQFcDoNcBEKJz+qah47KrLuJ6S2ak8DO83t1mJ/vG8j9QfbxqbrDaxU5wybJP7NrGysgRuGXOtRnLbOTkN/EERHc20rgy4enM
17:46:08.411 [main] SMTRACE: SmCryptoProvider, init, Setting keys
17:46:08.411 [main] SMTRACE: SmCryptoProvider, init, Setting IV
17:46:08.411 [main] SMTRACE: SmCryptoProvider, init, Initializing params
17:46:08.411 [main] SMTRACE: SmCryptoProvider, init, Init complete
17:46:08.411 [main] SMTRACE: SmCryptoProvider, decrypt, Using crypto provider =, on input length = 192
17:46:08.411 [main] SMTRACE: SmCryptoProvider, decrypt, Getting decrypter
17:46:08.412 [main] SMTRACE: SmCryptoProvider, decrypt, Got decrypter
17:46:08.413 [main] SMINFO: SmServer, releaseConnection, Released connection 34a97744, count = 0
17:46:08.413 [main] SMINFO: SmCluster, enable, Failed to activate cluster id = 3
2018-06-04 17:46:08:414 AgentApi.getConfig() returns  FAILURE (-1)
Connection try 4: Fail to call AgentApi.getConfig()
FATAL: Fail to call AgentAPI.getConfig() for xyz159 after 4 tries.


 The "<sdk_install_dir>/bin/smreghost" created SmHost.conf with contents for JNI based agent.


Policy Server version: on
RH Linux: Linux dvlva177 2.6.32-696.18.7.el6.x86_64 #1 SMP Thu Dec 28 20:15:47 EST 2017 x86_64 x86_64 x86_64 GNU/Linux
SDK version:


Need to run:
"<sdk_install_dir]/bin/>" for Pure Java agent to communicate with  the policy server over TLI protocol..