Can't get siteminder started (Legacy KB ID: 148221)
search cancel

Can't get siteminder started (Legacy KB ID: 148221)


Article ID: 54645


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Restart the server since the system was not responding. Upon restart all of  web-agent protected application are returing the classic Server Error 500 message.


Both auth, az log indicates:

[24/Mar/2004:10:42:44 -0500][1720-Server] Received connection request
[24/Mar/2004:10:42:44 -0500][1716-Server] New connection attempt from
[24/Mar/2004:10:42:44 -0500][1716-E] Handshake error: Unknown client name 'nis_agent' in hello message
[24/Mar/2004:10:42:44 -0500][1716-E] Bad security handshake attempt. Handshake error: 3160
[24/Mar/2004:10:42:44 -0500][1716-E] Handshake error: Bad hostname in hello message
[24/Mar/2004:10:42:44 -0500][1716-E] Failed handshake with
[24/Mar/2004:10:42:44 -0500][1716-I] Ending client session # 1 : nis_agent/

This error message was due to the fact that web agent sharedsecret is out of sync. Policy server can't recognize the shared secrect from webagent. Therefore, a secure TCP connection can't be established. You need to reset web agent shared secret. In the 4x agent, you need to re-enter the shared secrect. In the 5x agent you need to run smreghost to get trusted host re-registered. Here are the commands:

For W2K:
smreghost -i -u jyang -p firewall -hn -hc "jyangwin-hostsettings" -f "C:\Program Files\CA\SiteMinder Web Agent\Config\smhost.conf"

For Solaris:
smreghost -i -u jyang -p firewall -hn -hc "JYangsunHostSettings" -f "/export/home/smuser/CA/siteminder/qmr5/webagent/config/SmHost.conf"

You need to delete the trusted host already in the policy server if you want to use same name. Thanks.


Component: SMPLC