search cancel

When accessing to WebAgent by multi threads, Policy Server output HandShake errors.


Article ID: 6640


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When increasing 'StartServers' value and accessing to WebAgent by multi threads, WebAgent send RST packets to Policy Server and Policy Server output HandShake errors. 

[4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:1974][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3152 [4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:1981][ERROR][sm-Tunnel-00030] Handshake error: Failed to receive client hello. Socket error 0 [4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:2147][ERROR][sm-Server-01070] Failed handshake with


Component: SMAPC


This problem is related to karnel side, not CA SSO.

In using Apache 'prefork' mode, when too many process are created (e.g increasing httpd.conf value regarding to the number of process, and accessing by many threads...etc), so many orphans child processes are likely to be existing.

Under this situation, there is some possibilities that these processes are reset immediately and warning is printed, by exceeding 'tcp_max_orphans' value at karnel side.


Change MPM mode and work as 'worker' mode, not 'prefork'.

Additional Information



Apache MPM prefork: