CA Single Sign-on: Closing accepted connection for session

book

Article ID: 144038

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Policy Server and suddendly we see the following log lines in
the Policy Server smps.log :

    [CServer.cpp:1735][INFO][sm-Server-01770] Closing accepted
    connection for session # 786919 connection idle too long before
    handshake .

and at that time, you see the Web Agent reporting those errors :

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmLowLevelAgent.cpp:557][ERROR][sm-AgentFramework-00520]
    LLA: SiteMinder Agent Api function failed -
    'Sm_AgentApi_IsProtectedEx' returned '-2'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Low Level Agent'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmHighLevelAgent.cpp:1037][ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Session Manager'.

    [2936/712][Fri Jan 03 2020
    14:38:11][CSmResourceManager.cpp:158][WARNING][sm-AgentFramework-00480]
    HLA: Missing resource data.

How can we fix that ?

 

Cause

 

This is mainly due to third party on the network or some latency on
the network itself bringing communication problem.

smps.log

  [2426/3991915376][Fri Jan 03 2020
  14:38:06][CServer.cpp:1735][INFO][sm-Server-01770] Closing accepted
  connection for session # 786919 connection idle too long before
  handshake .

WebAgent.log

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmLowLevelAgent.cpp:557][ERROR][sm-AgentFramework-00520]
  LLA: SiteMinder Agent Api function failed -
  'Sm_AgentApi_IsProtectedEx' returned '-2'.

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Low Level Agent'.

  [2936/712][Fri Jan 03 2020
  14:38:11][CSmHighLevelAgent.cpp:1037][ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Session Manager'.

From these KD, it seems there have been a problem on the network
(including firewall, loadbalancer, switch, etc. )

  Agent Api function failed when load balancer is introduced between agent and policy server
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=38141

  Getting multiple alerts on Web Agent server
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=141422

  Sm_AgentApi errors
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=45157

 

Environment

 

  Web Agent 12.52SP1CR09 on IIS 8.5 on Windows 2012R2;
  Policy Server 12.52SP1CR00 on RedHat 6;
 
  There's a firewall between the Web Agent and the Policy Server;

 

Resolution

 

On the Web Agent, set the following parameter in the WebAgent.conf
file :

  AgentWaittime="70"

  AgentWaitTime Explained
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=41408
  
  Web Agent :: AgentWaitTime
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=50471
  
On the Web Agent, set the following environment variable for the Web
Server :

  SM_ENABLE_TCP_KEEPALIVE 

  Web Agent and Policy Server Network Communication Disruption
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=42108