After adding a second Policy Server (PS2) that is pointing to the same Policy and Key Store of Policy Server 1 (PS1) to the HCO, the below errors in the Policy Server smtracedefault.log start to show up:
[02/15/2019][10:21:55.503][10:21:55][3136][6008][CServer.cpp:2132][][][][][][][][][][][][][][][][][][][][][]
[LogMessage:ERROR:[sm-Tunnel-00050] Handshake error: Shared secret incorrect for this client]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[02/15/2019][10:21:55.503][10:21:55][3136][6008][CServer.cpp:2078][GetSecretFunc][][][][][][][][][][][][][][][][][][][][]
[Error while fetching previous secret for the Agent abc][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
The encryption is not the same on both Policy Servers. Comparing the content of the EncryptionKey.txt on both Policy Server shows that they aren't the same.
Siteminder 12.8 SP1 on Windows 2012 R2
Note:
This solution is only valid for Policy Servers on Windows platforms. For Policy Servers on Linux platforms, please follow the instructions in the documentation to rest the encryption key (1).