In the Web Agent traces, messages like these can be seen:

  [<Date>][<Time>][24624][9836][<TransactionID>][IsResourceProtected][Communication failure between SiteMinder policy server and web agent.]

But users report no problems.

• Check if there is any network interruption causing this;
• Check if the Policy Server is shutdown or restarted;
• If the WebAgent's SmHost.conf and HCO are pointing to a single Policy Server then you would be experiencing an outage at this point;
• If multiple Policy Servers are defined, users may not see any error as Loadbalance/Failover takes care of agent requests. However, you will find these errors in the log during failover (1)(2)(3);
• Check if all custom authentications are loading correctly. (When there is a request for custom authentication and if it does not load properly then you can get this error as well);
• Check if the Policy Server has a problem executing Active Expression and retrieving data, which can lead to a timeout. To illustrate in the trace log there were three separate ~20-second delays all within CSmActiveExpr::GetActiveValue function calls for the delayed transactions resulting in:

     LogMessage:ERROR:[sm-Server-02740] Failed to retrieve the value.

         There were 3 active expressions. They have been removed and authentication went through very fast.
  
If it is not the above, it can be due to a bad request.

In case someone is forging a request passing invalid query parameters such as agentname to the login.fcc, so when the Agent sends this data to the Policy Server, the Policy Server may find this request to be invalid and result in this error being logged (4).

(1)

    Error 500 : Web Agent Failing to Connect to Policy Server
    

(2)

    Error : Agent Api function failed with Web Agent and Load Balancer
    

(3)

    Error : Web Agent reports Failover from cluster [0] to cluster [1]
    
    
(4)

    Error : Cannot fetch Agent errors in smps log