When running a Policy Server using separate Key Stores, and using Static Agent Keys, with this Registry Keys configuration:
EnableKeyGeneration= 0x0; REG_DWORD
EnableKeyUpdate= 0x0; REG_DWORD
Policy Server 12.8SP3 on RedHat 6
EnableKeyUpdate is to tell the Policy Server to rely on a central Key Store to poll it regularly and retrieve the automatically updated Session Key.
Is the Session Ticket Key randomly generated?
It can be randomly generated or manually. This is useful when you configure in the AdminUI the feature "Generate a random Session Ticket Key" instead of "Specify a Session Ticket Key".
Set "enable key generation" on at least 1 Policy Server. As Static Keys are configured, only 1 Policy Server needs to generate the keys, the one to which the AdminUI connects. This will allow you to change the static Agent Key if needed.
Enabling an Admin Policy Server will have an impact on the Policy Server processing, as operations in the AdminUI will bring additional operations to the Admin Policy Server.
The given Admin Policy Server will roll the keys automatically only if Dynamic Keys are configured. When using Static ones, so the keys won't be rolled automatically, but only when they are explicitly and manually changed in the AdminUI.