ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AgentWaitTime Explained

book

Article ID: 41408

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 

While troubleshooting connectivity problems between Web Agent and
Policy Server, we noticed the mention of AgentWaitTime parameter in
the documentation :

  Troubleshooting Agent Configuration

    AgentWaitTime
    Default value: 5

    For more information, see Accommodate Network Latency section in
    Basic Agent Setup and Policy Server Connections.

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/troubleshooting/troubleshooting-agent-configuration.html

We'd like to know


  - What is the purpose of AgentWaitTime ?
  - How do we configure it ?
  - What is the default value ?
  - Is there a maximum value ?
  - Is there any formula to calculate optimum value ?
  - Is there any disadvantages of setting it to a high value ?
  - What impact does agentwaittime have on websserver stop ?

 

Resolution

 

What is the purpose of AgentWaitTime ?

  It specifies the number of seconds that the Web Agent is allowed to
  wait for the Low Level Agent Worker process (LLAWP) to become
  available. When the interval expires the Web Agent tries to connect to
  the Policy Server. Setting this parameter may help resolve agent
  start-up errors related to slower network connectivity or slow web
  server initialization.

How do I configure it?

  As this setting is related to Agent initialization which means it
  still have not contacted Policy server and loaded the ACO from the
  policy store, this parameter must be configured locally in the
  WebAgent.conf file.

What is the default value?

  - In FIPS Only mode, the default minimum value is 20 seconds.

  - In all other FIPS mode, the default minimum value is 5 seconds.

  - The default value is higher in FIPS Only mode, to account for
    slower ETPKI initialization time.

Is there a maximum value?

  There is no maximum value.

Is there any formula to calculate optimum value?

  Following formula could be used as a guidance for calculating the
  optimum value for AgentWaitTime :

  The_number_of_Policy_Servers x 30) + 10 = value of the AgentWaitTime
  parameter (in seconds).

  For example, if you have five Policy Servers, then set value of the
  AgentWaitTime parameter to 160. [(5x30) + 10 = 160] (seconds).

  Here, the policy servers used are the only bootstrap policy servers
  as specified in the SmHost.conf file. The idea is to allow at least
  30 seconds interval for initialization of each boot strap policy
  server.

  However, that said, this is just a guidance and you can choose any
  higher value that you feel is necessary.

Is there any disadvantages of setting it to a high value?

  If your network is good and the LLAWP takes only few seconds to
  connect to Policy server and perform initialization, then even if
  you have specified higher value for AgentWaitTime that will not
  really matter.

  For e.g. let’s say you have configured AgentWaitTime = 200 seconds.

  But as your network is in good state and it took Web Agent only 5
  seconds to initialize, then it will only spend 5 seconds in
  initialization, it won’t wait or the complete 200 seconds to expire.

  In that sense there is NO disadvantage of setting AgentWaitTime to
  high value.

  Moreover, the AgentWaitTime plays role only during
  initialization/startup, it does not have any impact whatsoever for
  the normal communication of the Agent to PS e.g IsProtected,
  IsAuthroized calls etc.

What impact does it have on Web Server stop

  None