CA Single Sign-on: Closing accepted connection for session

Article Id: 144038
Status: Published
Updated On: 30-01-2020 01:17
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On Agents (SiteMinder) , SITEMINDER , CA Single Sign On Federation (SiteMinder) , CA Single Sign On SOA Security Manager (SiteMinder) , SITEMINDER
Issue/Introduction:

 

We're running a Policy Server and suddendly we see the following log lines in
the Policy Server smps.log :

    [CServer.cpp:1735][INFO][sm-Server-01770] Closing accepted
    connection for session # 786919 connection idle too long before
    handshake .

and at that time, you see the Web Agent reporting those errors :

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmLowLevelAgent.cpp:557][ERROR][sm-AgentFramework-00520]
    LLA: SiteMinder Agent Api function failed -
    'Sm_AgentApi_IsProtectedEx' returned '-2'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Low Level Agent'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmHighLevelAgent.cpp:1037][ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Session Manager'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmResourceManager.cpp:158][WARNING][sm-AgentFramework-00480]
    HLA: Missing resource data.

How can we fix that ?

 

Cause:

 

This is mainly due to third party on the network or some latency on
the network itself bringing communication problem.

smps.log

  [2426/3991915376][Fri Jan 03 2020
  14:38:06][CServer.cpp:1735][INFO][sm-Server-01770] Closing accepted
  connection for session # 786919 connection idle too long before
  handshake .

WebAgent.log

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmLowLevelAgent.cpp:557][ERROR][sm-AgentFramework-00520]
  LLA: SiteMinder Agent Api function failed -
  'Sm_AgentApi_IsProtectedEx' returned '-2'.

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Low Level Agent'.

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmHighLevelAgent.cpp:1037][ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Session Manager'.

From these KD, it seems there have been a problem on the network
(including firewall, loadbalancer, switch, etc. )

  Agent Api function failed when load balancer is introduced between agent and policy server
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=38141

  Getting multiple alerts on Web Agent server
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=141422

  Sm_AgentApi errors
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=45157

 

Environment:

 

  Web Agent 12.52SP1CR09 on IIS 8.5 on Windows 2012R2;
  Policy Server 12.52SP1CR00 on RedHat 6;
 
  There's a firewall between the Web Agent and the Policy Server;

 

Resolution:

 

On the Web Agent, set the following parameter in the WebAgent.conf
file :

  AgentWaittime="70"

  AgentWaitTime Explained
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=41408
  
  Web Agent :: AgentWaitTime
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=50471
  
On the Web Agent, set the following environment variable for the Web
Server :

  SM_ENABLE_TCP_KEEPALIVE 

  Web Agent and Policy Server Network Communication Disruption
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=42108