How to register Trusted Host
Article ID: 136336

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER

Issue/Introduction

This article demonstrates how to register a Trusted Host and provides some reference data.

Environment

Release : 12.52 Service Pack X Web Agents

Component : SITEMINDER - WEBAGENTS

Resolution

This is based on documentation linked below.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/administrating/register-a-trusted-host-using-the-smreghost-registration-tool.html

192.168.0.5 - Web Agent

192.168.0.3 - Policy Server - master.example.com

Prerequisites:

Agent is created (iis-agent)

ACO is created (copied from "IISDefaultSettings" if it is for an IIS Web Server; "iis-aco" is created)

HCO is created (copied from "DefaultHostSettings"; "iis-hco" is created)

Trusted Host Registration Steps:

Run the Agent Configuration Wizard for Host Registration.

At this point smreghost runs. It opens a TCP ephemeral port on the Web Agent host to connect to the Policy Server; in this case it was port 50212.

smreghost connects to the Policy Server's port 44442 (Authentication port) for registration.

Ensure TCP port 44442 is open from the Web Agent to the Policy Server; otherwise smreghost cannot succeed.

Once the TCP handshake is complete, the Web Agent sends the registration information. Only one TCP connection is required to complete host registration.

The connection is initiated and terminated from the Web Agent side.

The Web Agent uses a predefined tunnel agent called "smtunnel" and also sends the SiteMinder Administrator name appended to it, as "smtunnel-siteminder".

The Policy Server performs the Trusted Host registration once this step succeeds.

Register against a single Policy Server.

Ensure the HCO has the correct Policy Server IP address.

The recommendation is to make the Policy Server you are registering against the only Policy Server in the HCO, or the Primary one. You can add more Policy Servers after the Trusted Host registration completes successfully.

If everything succeeds, the Trusted Host is generated.

Trusted Host registration can be done via the Agent Configuration Wizard (as above) or via the command line.


Additional Information

If Trusted Host registration fails, the following data is helpful for investigation.

1. smps.log

2. Wireshark capture from the Web Agent and the Policy Server

3. IP address information (Web Agent and Policy Server)

4. Agent name (screenshot of the Agent object in the AdminUI)

5. ACO (screenshot of the ACO in the AdminUI) showing all parameters

6. HCO (screenshot of the HCO in the AdminUI) showing all parameters

7. Screenshot of the command-line output where smreghost was run and the error was logged

8. Time when smreghost was run

9. In addition, if smreghost is run on Windows, a Process Monitor log capturing the event would help. Provide the PML log file.

10. In addition, if smreghost is run on Linux, run "strace -Ff -t -i -v -o smreghost.log -s 16384 <actual smreghost command>" and provide smreghost.log

(If the above command does not work, use "strace -f -t -i -v -o smreghost.log -s 16384 <actual smreghost command>")
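As an added example (not part of this article or of the SiteMinder product), the following Python helper pulls the connect() attempts to the Policy Server authentication port out of the strace log requested in step 10, so the failing connection from the Web Agent (ECONNREFUSED, ETIMEDOUT, or none at all) is visible without reading the whole trace. The sample strace lines are constructed; the port default 44442 and IP addresses are taken from the article.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# connect() line as written by "strace -Ff -t -i -v": optional pid, HH:MM:SS
# timestamp, optional [instruction pointer], the AF_INET sockaddr, return value
# and, on failure, the errno name.
CONNECT_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<time>\d{2}:\d{2}:\d{2})\s+'
    r'(?:\[[0-9a-f]+\]\s+)?'
    r'connect\((?P<fd>\d+),\s*\{sa_family=AF_INET,\s*'
    r'sin_port=htons\((?P<port>\d+)\),\s*sin_addr=inet_addr\("(?P<ip>[\d.]+)"\)\},\s*\d+\)'
    r'\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)

# Constructed sample: a DNS connect (ignored) and a refused connect to 44442.
SAMPLE_LOG = """\
4521 10:15:01 [00007f3b1c2d4a10] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16) = 0
4521 10:15:02 [00007f3b1c2d4e5f] connect(5, {sa_family=AF_INET, sin_port=htons(44442), sin_addr=inet_addr("192.168.0.3")}, 16) = -1 ECONNREFUSED (Connection refused)
"""

@dataclass
class ConnectAttempt:
    time: str
    ip: str
    port: int
    status: str  # "ok", "pending" (non-blocking EINPROGRESS) or the errno name

def parse_connects(lines, auth_port: int = 44442) -> List[ConnectAttempt]:
    """Return every connect() in the trace aimed at the authentication port."""
    found = []
    for line in lines:
        m = CONNECT_RE.match(line.strip())
        if not m or int(m.group('port')) != auth_port:
            continue
        if m.group('ret') != '-1':
            status = "ok"
        elif m.group('errno') == 'EINPROGRESS':
            status = "pending"
        else:
            status = m.group('errno') or "unknown"
        found.append(ConnectAttempt(m.group('time'), m.group('ip'), auth_port, status))
    return found

def diagnose(attempts: List[ConnectAttempt]) -> str:
    """One-line triage verdict from the last attempt on the authentication port."""
    if not attempts:
        return "no connect() to authentication port seen: check the HCO Policy Server address"
    last = attempts[-1]
    if last.status in ("ok", "pending"):
        return f"connect to {last.ip}:{last.port} at {last.time} succeeded ({last.status})"
    return f"connect to {last.ip}:{last.port} at {last.time} failed with {last.status}: check that TCP {last.port} is open"
```

Run it as `diagnose(parse_connects(open("smreghost.log")))`; with the constructed sample the verdict names the ECONNREFUSED on 192.168.0.3:44442.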