Agent connection to Policy Server fails on CA Access Gateway (SPS)
search cancel

Agent connection to Policy Server fails on CA Access Gateway (SPS)

book

Article ID: 260991

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction


When running CA Access Gateway (SPS), this one reports the error:

[14155/140707866306304][Mon Jan 30 2023 21:22:03.996][CSmAgentApiBase.cpp:641][ERROR][sm-AgentFramework-00810] API: SiteMinder Agent Api function failed - 'Sm_AgentApi_DoManagement' returned '-1'.
[14155/140707866306304][Mon Jan 30 2023 21:22:03.997][CSmAdminManager.cpp:934][WARNING][sm-AgentFramework-00340] ADMIN: DoManagement failed.  Agent unable to process possible management events.

These errors have been solved by restarting CA Access Gateway (SPS).

 

Cause


The agentwaittime parameter may help to fix that problem (1)(2).

What the KDs (1)(2) don't mention, is this might happen when the connection between CA Access Gateway (SPS) and Policy Server may be terminated by a Firewall or Load Balancer too.

When this happens, CA Access Gateway (SPS) doesn't know that the connection has been cut. So, it tries still to use it, and it ends with above error message, and 500 in the user's browser.

SM_ENABLE_TCP_KEEPALIVE makes aware the CA Access Gateway (SPS) of such half-terminated connections and prevents thus this issue (3)(4)(5).

 

Resolution


On both the Policy Server and the CA Access Gateway (SPS), enable SM_ENABLE_TCP_KEEPALIVE (6).

 

Additional Information