Agent connection to Policy Server fails on CA Access Gateway (SPS)
search cancel

Agent connection to Policy Server fails on CA Access Gateway (SPS)


Article ID: 260991


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)



When running CA Access Gateway (SPS), this one reports the error:

[14155/140707866306304][Mon Jan 30 2023 21:22:03.996][CSmAgentApiBase.cpp:641][ERROR][sm-AgentFramework-00810] API: SiteMinder Agent Api function failed - 'Sm_AgentApi_DoManagement' returned '-1'.
[14155/140707866306304][Mon Jan 30 2023 21:22:03.997][CSmAdminManager.cpp:934][WARNING][sm-AgentFramework-00340] ADMIN: DoManagement failed.  Agent unable to process possible management events.

These errors have been solved by restarting CA Access Gateway (SPS).




At first glance, the agentwaittime parameter may help to fix that problem (1)(2).

What the KDs (1)(2) don't mention is this might happen when the connection between CA Access Gateway (SPS) and Policy Server may be terminated by a Firewall or Loadbalancer too.

When this happens, CA Access Gateway (SPS) doesn't know that the connection has been cut. So it tries still to use it and ends with above error message and 500 in the user's browser.

SM_ENABLE_TCP_KEEPALIVE makes aware the CA Access Gateway (SPS) of such half-terminated connections and prevents thus this issue (3)(4)(5).




On both Policy Server and CA Access Gateway (SPS), enable SM_ENABLE_TCP_KEEPALIVE (6).


Additional Information



    Error: Sm_AgentApi_IsProtectedEx, Sm_AgentApi_LoginEx in Web Agent log


    Error: Agent Api function failed with Web Agent and Load balancer

    Error: Web Agent reports Failover from cluster [0] to cluster [1]

    Error: Sm_AgentApi_Init Failed intermittently in the event viewer log

    All application's URLs down - not accessible and reachable - Web Agent


    Policy Server Hangs after Web Agent Communication Failure