During Policy Server communication with Agents there are many
handshake errors can possibly show up in the logs. Here is the list of
all possible error codes and its meanings.
Policy Server (all supported platforms)
Bad security handshake attempt. Handshake error:3151
Initial handshake with the agent is successful (you wont see this
error message in the logs)
Bad security handshake attempt. Handshake error:3152
Failed to receive client hello - Initial handshake is successful
but policy server didnt receive hello message from agent.
Bad security handshake attempt. Handshake error:3153
Bad Version - Client hello received but the hello message is not in
correct length/format. non-FIPS hello is received by the policy
server running in FIPS only mode.
Bad security handshake attempt. Handshake error:3154
Client name does not match hash value - Shared secret sent by the
agent is not correct/valid
Bad security handshake attempt. Handshake error:3155
Failed to send server hello - Client hello message is received and
validated but policy server failed to send server hello back to the
agent. May be socket is not available to send server hello.
Bad security handshake attempt. Handshake error:3156
Failed to receive client ack - Policy server sent server hello
message to client but it didnt receive hello confirmation message
from client.
Bad security handshake attempt. Handshake error:3157
Bad encryption - There is some encryption/decryption issue while
working on the handshake.
Bad security handshake attempt. Handshake error:3158
Server exception caught during handshake attempt - One or more
exceptions seen during handshake attempt.
Bad security handshake attempt. Handshake error:3159
Client Disconnect - Socket was closed before receiving client
hello.
Bad security handshake attempt. Handshake error:3160
Bad host - Incorrect host name in the request (during validation of
shared secret).
Further details can be found in the documentation (1)(2).
(1)
Troubleshooting Agent Configuration
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/troubleshooting/troubleshooting-agent-configuration.html#concept.dita_ced747b41aeeef2733e253382031ce62bf99d4dc_FailedHandshakebetweenWebAgentandPolicyServerNonWindowsEnvironment
(2)
Error Messages
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/troubleshooting/error-messages.html