search cancel

Connection idle too long before handshake in Policy Server smps.log

book

Article ID: 144038

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Policy Server, suddendly the following log lines in the
Policy Server get written in the smps.log :

    [CServer.cpp:1735][INFO][sm-Server-01770]
    Closing accepted connection for session # 786919 connection idle too long before handshake .

and at that time, the Web Agent reporting those errors :

    [2936/712][Fri Jan 03 2020 14:38:11][CSmLowLevelAgent.cpp:557]
    [ERROR][sm-AgentFramework-00520]
    LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-2'.

    [2936/712][Fri Jan 03 2020 14:38:11][CSmProtectionManager.cpp:192]
    [ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Low Level Agent'.

    [2936/712][Fri Jan 03 2020 14:38:11][CSmHighLevelAgent.cpp:1037]
    [ERROR][sm-AgentFramework-00420]
    HLA: Component reported fatal error: 'Session Manager'.

    [2936/712][Fri Jan 03 2020 14:38:11][CSmResourceManager.cpp:158]
    [WARNING][sm-AgentFramework-00480]
    HLA: Missing resource data.

 

Cause

 

This is mainly due to third party on the network or some latency on
the network itself bringing communication problem.

smps.log

  [2426/3991915376][Fri Jan 03 2020 14:38:06][CServer.cpp:1735]
  [INFO][sm-Server-01770]
  Closing accepted connection for session # 786919 connection idle too long before handshake .

WebAgent.log

  [2936/712][Fri Jan 03 2020 14:38:11][CSmLowLevelAgent.cpp:557]
  [ERROR][sm-AgentFramework-00520]
  LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-2'.

  [2936/712][Fri Jan 03 2020 14:38:11][CSmProtectionManager.cpp:192]
  [ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Low Level Agent'.

  [2936/712][Fri Jan 03 2020 14:38:11][CSmHighLevelAgent.cpp:1037]
  [ERROR][sm-AgentFramework-00420]
  HLA: Component reported fatal error: 'Session Manager'.

It seems there have been a problem on the network (including firewall,
loadbalancer, switch, etc. ) (1)(2)(3).

 

Environment

 

  Web Agent 12.52SP1CR09 on IIS 8.5 on Windows 2012R2;
  Policy Server 12.52SP1CR00 on RedHat 6;
 
  There's a firewall between the Web Agent and the Policy Server;

 

Resolution

 

On the Web Agent, set the following parameter in the WebAgent.conf
file (4):

  AgentWaittime="70"

On the Web Agent, set the following environment variable for the Web
Server (5) :

  SM_ENABLE_TCP_KEEPALIVE 

Additional Information

 

(1)

    Error : Agent Api function failed with Web Agent and Load Balance
    https://knowledge.broadcom.com/external/article?articleId=38141

(2)

    Error : Web Agent reports Failover from cluster [0] to cluster [1]
    https://knowledge.broadcom.com/external/article?articleId=141422

(3)

    Error: Sm_AgentApi_IsProtectedEx, Sm_AgentApi_LoginEx in Web Agent log
    https://knowledge.broadcom.com/external/article?articleId=45157

(4)

    AgentWaitTime Explained
    https://knowledge.broadcom.com/external/article?articleId=41408

(5)

    Error : 500 Web Agent and Policy Server Network Communication Problem
    https://knowledge.broadcom.com/external/article?articleId=42108