How to register Trusted Host
search cancel

How to register Trusted Host


Article ID: 136336


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER


This is to demonstrate how to register Trusted Host and provide some data for reference.


Release : 12.52 Service Pack X Web Agents



This is based on documentation linked below. - WebAgent - Policy Server -




Agent is created (iis-agent)

ACO is created (Copy from "IISDefaultSettings" in case if it is for IIS Web Server, "iis-aco" is created)

HCO is created (Copied from "DefaultHostSettings", created "iis-hco")



Trusted Host Registration Steps:


Run Agent Configuration Wizard for Host Registration.

At this point smreghost is run, smreghost opens TCP ephemeral port to connect to Policy Server.

In this case it was port 50212

Smreghost will connect to Policy Server's 44442 (Authentication) Port for registration.

Please ensure TCP port 44442 is open for smreghost to succeed.



Once TCP Handshake is complete, WebAgent will send the Registration Information. Only 1 TCP connection is required to complete host registration.

Connection should be initiated and terminated from Web Agent.


Web Agent uses a predefined Tunnel agent called "smtunnel" and also sends the SiteMinder Administrator name appended to it as "smtunnel-siteminder".

Policy Server would perform the TrustedHost registration once this is successful.


Register against a single Policy Server.

Ensure HCO has the correct Policy Server IP Address.

Recommendation is to add the Policy Server you are registering against to be the only Policy Server or one as Primary in the HCO. You can then add more Policy Servers after the Trusted Host Registration successfully completes.


If everything is successful then the trustedhost would  be generated.



Trusted Host Registration can be done via Agent Configuration Wizard (which is the above), and can be done via command-line as well.


Additional Information

In case if Trusted Host Registration fails, following data would be helpful to investigate.

1. smps.log 

2. wireshark capture from Web Agent and Policy Server

3. IP Address information (Web Agent and Policy Server)

4. Agent Name  (Screenshot of Agent Object in AdminUI)

5. ACO (Screenshot of ACO in AdminUI) showing  all parameters.

6. HCO (Screenshot of HCO in AdminUI) showing all parameters.

7. Screenshot of command-line output where smreghost was run and error logged.

8. Time when smreghost was run.

9. In addition, if smreghost is run on Windows, Process Monitor Log capturing the event would help. Provide PML log file.

10. In addition, if smreghhost is run on linux, "strace -Ff -t -i -v -o smreghost.log -s 16384 <actual smreghost command>" and provide the smreghost.log

(In case if above command does not work, "strace -f -t -i -v -o smreghost.log -s 16384 <actual smreghost command>")