How is the Connection Status set for A2A clients


Article ID: 103712


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


How is the Connection Status set on the Request Servers (A2A Client machines). 


Password Authority 4.5.3


There is a system property:  propertyname is "clientInactivityCheckHours"

This property is for use by CA Technologies support to help with debugging customer issues. We recommend that customers do not change the default value.
You can check the value of this with the command:
./cspmserver_admin -u admin -p admin4cspm! cmdName=getSystemProperty propertyName=clientInactivityCheckHours

The default is 30 hours.  It is expected that the clients are contacting the server every 24 hours looking for patch updates.  If the server checks every 30 hours for activity, it will change the connection status to UNKNOWN (yellow).  If there has been activity in the last 30 hours, the connection status remains green.

Regarding the client checking for patches:  this is controlled in the $CSPM_CLIENT_HOME/cspmclient/config/cspm_client_config.xml with the <patch> tag.
Here is an example from an A2A client that will check daily between midnight and 5 a.m.

The connections status is only set to RED when there is a definite error reaching the client daemon.

To test this, stop the client daemon on a working client,  and then perform a password update against an account which is mapped to that client. When the PA server processes the events to update the client's cache, it will get a connection failure and mark the client off-line (RED).

The systemProperty can be set with the setSystemProperty command.  Allowed values are between 1 and 30 hours.