search cancel

Possible handshake errors in Policy Server smps.log explanations

book

Article ID: 42071

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

During Policy Server communication with Agents there are many
handshake errors can possibly show up in the logs. Here is the list of
all possible error codes and its meanings.

 

Environment

 

Policy Server (all supported platforms)

 

Resolution

 

  Bad security handshake attempt. Handshake error:3151

     Initial handshake with the agent is successful (you wont see this
     error message in the logs)

  Bad security handshake attempt. Handshake error:3152

     Failed to receive client hello - Initial handshake is successful
     but policy server didnt receive hello message from agent.

  Bad security handshake attempt. Handshake error:3153

     Bad Version - Client hello received but the hello message is not in
     correct length/format. non-FIPS hello is received by the policy
     server running in FIPS only mode.

  Bad security handshake attempt. Handshake error:3154

     Client name does not match hash value - Shared secret sent by the
     agent is not correct/valid

  Bad security handshake attempt. Handshake error:3155

     Failed to send server hello - Client hello message is received and
     validated but policy server failed to send server hello back to the
     agent. May be socket is not available to send server hello.

  Bad security handshake attempt. Handshake error:3156

     Failed to receive client ack - Policy server sent server hello
     message to client but it didnt receive hello confirmation message
     from client.

  Bad security handshake attempt. Handshake error:3157

     Bad encryption - There is some encryption/decryption issue while
     working on the handshake.

  Bad security handshake attempt. Handshake error:3158

     Server exception caught during handshake attempt - One or more
     exceptions seen during handshake attempt.

  Bad security handshake attempt. Handshake error:3159

     Client Disconnect - Socket was closed before receiving client
     hello.

  Bad security handshake attempt. Handshake error:3160

     Bad host - Incorrect host name in the request (during validation of
     shared secret).

Further details can be found in the documentation (1)(2).

 

Additional Information

 

(1)

    Troubleshooting Agent Configuration
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/troubleshooting/troubleshooting-agent-configuration.html#concept.dita_ced747b41aeeef2733e253382031ce62bf99d4dc_FailedHandshakebetweenWebAgentandPolicyServerNonWindowsEnvironment

(2)

    Error Messages
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/troubleshooting/error-messages.html