When running a Web Agent, and seeing the Policy Server reporting getting handshake errors in smps.log related to this Web Agent. What are these errors? 

[11804/129354][Tue Nov 01 2005 10:44:34][CServer.cpp:1373][ERROR] Bad security handshake attempt. Handshake error: 3159
[11804/129354][Tue Nov 01 2005 10:44:34][CServer.cpp:1378][ERROR] Handshake error: Failed to receive client hello. Client disconnectedPolicy Server shuts down unexpectedly.

or

[2468/5][Mon Oct 24 2005 21:23:43][CServer.cpp:2415][ERROR] Failed to accept client connection on TCP server socket. Socket error 24
[2468/5][Mon Oct 24 2005 21:23:43][CServer.cpp:2418][INFO] The encountered condition indicates a possible misconfiguration. Shutting down the policy server
[2468/1][Mon Oct 24 2005 21:23:43][CServer.cpp:4234][INFO] Thread 1 received signal, stopping
[2468/1][Mon Oct 24 2005 21:23:43][CServer.cpp:3326][INFO] smpolicysrv shutting down

Policy Server on Linux or Unix, all versions

Check the file descriptors setting on your UNIX / Linux Policy Server machine.

  "ulimit -a" 

will show you all the limit parameters.

The nofiles parameter gives the total number of files (sockets + file descriptors) that this shell and its descendants have been allocated.

To increase the limit of nofiles, place ulimit -n 1024 command in the .profile or smprofile.ksh of the smuser account (1).

Also, make sure on the Linux server that there's no mix of /etc/init.d and systemctl startups in use. A mix of these settings can overwrite in numerous ways how the file descriptor amount is set. The REAL ulimit is best checked by this command:

  # cat /proc/<smpolicy-pid>/limits | grep "open files"

When using systemd, the correct place to configure is in /etc/systemd/system/<ourservice> by adding the line in the [Service] section:

  LimitNOFILE=32768

(1)

    Prepare for the Policy Server Installation