Getting handshake errors for AAS(Advanced Authentication Service) in smps logs

book

Article ID: 37244

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Issue: 

After installing the policy server we are getting below errors in smps logs.

[60721/4120410992][Tue Apr 14 2015 20:25:40][CServer.cpp:1871][ERROR][sm-Server-01060] Handshake error: Unknown client name 'default_dtnaacvdl.ca.com_aas' in hello message

[60721/4120410992][Tue Apr 14 2015 20:25:40][CServer.cpp:1965][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3160

[60721/4120410992][Tue Apr 14 2015 20:25:40][CServer.cpp:1986][ERROR][sm-Tunnel-00100] Handshake error: Bad hostname in hello message

[60721/4120410992][Tue Apr 14 2015 20:25:40][CServer.cpp:2137][ERROR][sm-Server-01070] Failed handshake with ::ffff:170.2.88.40:42558

Environment:  

Policy Server: R12.52 SP01 CR01

Cause: 

AAS(Advanced Authentication Service) is installed by default with the 12.52 SP1 CR01 Policy Server, but it is not configured.

When you start the policy server using the command start-all, it starts the Advanced Authentication Service as well and tries to connect to the Policy Server. Since the Advanced Authentication Service is not configured, Policy Server throw the handshake error exceptions.

Resolution:

There are two options to address this issue.

Option 1:

1- stop the policy server using the command stop-all.

2- start the policy server using the command start-ps instead of start-all. 

 

Option 2:

Setup and configure AAS(Advanced Authentication Service) as documented  

 

 

Environment

Release:
Component: SMPLC