We are currently experiencing an anomaly in the load balancing of authentication requests between the two CA Policy Servers in the Production environment.
Our infrastructure is composed as follows:
- 2 CA Policy Servers
- 1 CA AdminUI
- 2 CA Access Gateways
- CA Web Agent (used in agent-based interactions)
In general, we have noticed that the smaccess.log of Policy Server 1 tracks more occurrences of AuthAccept, AuthReject and AuthAttempt than that of Policy Server 2. We confirm that during the configuration phase, for both CA Access Gateway and CA Web Agent, the Host Configuration Object was configured as follows:
Policy Servers: <policy_server1><Accounting Port><Authentication Port><Authorization Port>
<policy_server2><Accounting Port><Authentication Port><Authorization Port>
Enable Failover: NO
Maximum Sockets Per Port: 20
Minimum Sockets Per Port: 2
New Socket Step: 2
Request Timeout: 60
For example, Policy Server 1 traced 6905 occurrences of AuthAccept in a week's trace and CA Policy Server 2 traced 836 occurrences.
Given this premise, what is causing the incorrect load balancing between the two Policy Servers?
Is it necessary to configure additional parameters to ensure a correct load distribution between the two CA Policy Servers?
Release : 12.8
Component : SITEMINDER -WEB AGENT FOR APACHE
Ideally, if Enable Failover is set to NO, the agent works in round-robin mode: requests go sequentially through the list of Policy Servers.
However, if a Policy Server does not respond in time, the request moves on to the next Policy Server, because the request cannot stop at that Policy Server and fail.
The distribution therefore also depends on the network response.
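To check whether the imbalance is constant or concentrated in particular hours (the latter is consistent with one Policy Server responding slowly during those periods), the smaccess.log counts from both servers can be compared per hour. The script below is an added example, not Broadcom code; it assumes each log line starts with the event name followed by a host and a bracketed `dd/Mon/yyyy:HH:MM:SS` timestamp, and the function names, server names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

EVENTS = ("AuthAccept", "AuthReject", "AuthAttempt")
# Assumed layout: "<Event> <host> [dd/Mon/yyyy:HH:MM:SS zone] ..."
LINE_RE = re.compile(r"^(\w+)\s+\S+\s+\[(\d{2}/\w{3}/\d{4}:\d{2}):")

def hourly_counts(lines):
    """Return {hour (datetime): Counter(event -> count)} for auth events."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(1) in EVENTS:
            hour = datetime.strptime(m.group(2), "%d/%b/%Y:%H")
            buckets[hour][m.group(1)] += 1
    return buckets

def skewed_hours(logs, event="AuthAccept", max_share=0.65):
    """logs: {server: iterable of smaccess.log lines}.
    Return (hour, busiest server, share, counts) for every hour in which
    one server handled more than max_share of `event`."""
    per_server = {name: hourly_counts(lines) for name, lines in logs.items()}
    hours = sorted({h for b in per_server.values() for h in b})
    report = []
    for h in hours:
        counts = {n: b.get(h, Counter())[event] for n, b in per_server.items()}
        total = sum(counts.values())
        if total == 0:
            continue
        top = max(counts, key=counts.get)
        share = counts[top] / total
        if share > max_share:
            report.append((h, top, round(share, 2), counts))
    return report

def _line(event, host, hour, sec):
    # Constructed sample line following the assumed layout above.
    return (f'{event} {host} [10/Mar/2025:{hour:02d}:00:{sec:02d} +0000] '
            f'"192.0.2.10 uid=user{sec}" "agent1 GET /app/"')

SAMPLE = {  # constructed data: balanced at 09h, skewed at 10h
    "ps1": [_line("AuthAccept", "ps1", 9, s) for s in range(5)]
         + [_line("AuthAccept", "ps1", 10, s) for s in range(9)]
         + [_line("AuthReject", "ps1", 10, 0)],
    "ps2": [_line("AuthAccept", "ps2", 9, s) for s in range(5)]
         + [_line("AuthAccept", "ps2", 10, 0)],
}

if __name__ == "__main__":
    for hour, server, share, counts in skewed_hours(SAMPLE):
        print(hour, server, share, counts)
```

For real logs, pass open file handles in place of the sample lists, for example `{"ps1": open("ps1/smaccess.log"), "ps2": open("ps2/smaccess.log")}`.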