Failed Handshake between Webagent and Policy Server.


Article ID: 21905


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We have already successfully running webagent and suddenly it reports following error in webserver log.

[Error] SiteMinder Agent Unable to load SiteMinder host configuration object or host configuration file.
Path to the SiteMinder host configuration File is Empty.

Policy Server smps.log shows failed handshake errors:

[1860/2604][Mon Jul 18 2016 13:59:03][CServer.cpp:1959][ERROR][sm-Tunnel-00050] Handshake error: Shared secret incorrect for this client
[1860/2604][Mon Jul 18 2016 13:59:03][CServer.cpp:2121][ERROR][sm-Server-01070] Failed handshake with


What are the reason of a Failed Handshake between Webagent and Policy Server (need to re-register the Agent)?



All Unix environments


On all non-Windows platforms, the agent code used to encrypt and decrypt the shared secret uses a key that is derived from a hard coded value combined with the results of calling gethostid() on the platform in question.  gethostid() is a standard C Library function that returns a 32-bit long value.

Different UNIX system implements this function differently. For e.g  Linux, AIX and solaris , the system implementation for the gethostid() C library function is not the same.

As such, SiteMinder web agent might not be able to decrypt the shared secret generated in one UNIX system when moved to other system.

Not only that, if the host ID of the same system changes (due to change in IP, hostname, mac address etc ) , the webagent will not be able to decrypt the shared secret which was originally generated on the same system, in which case you need to re-register the trusted host.

Additional Information

gethostid Linux Man Page :

This has been incorporated into the documentation. Please visit for your version for updated information