How to avoid the following messages in the smps.log:
Policy Server 12.8SP3 on RedHat 7
Here are the possible ways to investigate each error:
(1) Error : '81' during search: 'error: Can't contact LDAP server'
To avoid this message, configure the LDAP Backend Store to never close its connection with the Policy Server.
(2) Failed to initialize TCP client connection. Socket error 107
In almost all cases, Socket error 107 occurs due to an external network issue. It means "Transport endpoint is not connected". Basically, the communication between the Policy Server and the Agent was lost.
(3) Policy Server Hangs after Web Agent Communication Failure
If a Web Agent goes offline during a Policy Server request, for example, during a network outage, and does not notify the Policy Server of the communication failure, the Policy Server continues to wait for the Web Agent data. The Policy Server continues to wait, even after the Web Agent regains network functionality and closes the connection to the Policy Server.
To configure the Policy Server to send KeepAlive packets to idle Web Agent connections, log into the Policy Server host system. Do one of the following:
(Windows) Create the following system environment variable with a value of 1: SM_ENABLE_TCP_KEEPALIVE
(UNIX) Create the following system environment variable:
SM_ENABLE_TCP_KEEPALIVE=1
Export the environment variable.
The value must be 0 (disabled) or 1 (enabled). If a value other than 0 or 1 is configured, the environment variable is disabled. If the environment variable is disabled, the Policy Server does not send KeepAlive packets to idle Web Agent connections.
Enable KeepAlives When Agents and Policy Servers are Separated by a Firewall
Symptom:
I use a firewall between my agent and Policy Server. Sometimes the agent returns a 500 error when I try to access a page.
Solution:
Enable Keepalives on the agent by doing the following steps:
Locate the following environment variable on the computer hosting the web agent:
SM_ENABLE_TCP_KEEPALIVE
Set the value of the previous environment variable to 1.
(4) failed with code - 1001 errors post R12.8 upgrade
Error code 2 shows there was an issue when the Policy Server tried to get the session from the session store. It searched the session store but could not find the session. The input to the session store search may have been bad. The Policy Server trace log (smtracedefault.log) gives more details on the search query that was sent to the session store.
(5) SAML federation via IWA Sessionstore problem
Check whether the realms have persistence enabled and decide whether persistence is needed. Having a mixture of persistent and non-persistent realms can provoke this error. Also remove all SLO configurations that are not in use.
(6) LDAP Result Code Reference: Core LDAPv3 Result Codes
inappropriateAuthentication (48)
Applicable operation types: bind
The inappropriateAuthentication result code indicates that the client attempted to bind in a manner that is inappropriate for the target account. Some possible reasons for this result code include:
The client attempted to perform anonymous authentication, but the server does not permit anonymous authentication.
The client attempted to perform a type of authentication for which the target account does not have an appropriate set of credentials. For example, this result code may be returned if a client attempts to perform a password-based bind when the target user's entry does not contain a password.
The client attempted to perform a type of authentication that is not allowed for that client. For example, the client attempted to perform a lower-security type of authentication (like simple authentication or SASL PLAIN) when a stronger method (e.g., a client certificate or a two-factor mechanism) is required.
(7) What are the possible handshake errors in policy server?
Bad security handshake attempt. Handshake error: 3154 - Client name does not match hash value - Shared secret sent by the agent is not correct/valid
Running smreghost to re-register the agent should resolve this issue.
(9) Bad security handshake attempt. Handshake error: 3154
(10) Policy server not able to connect with webservices instance
(11) Handshake error when using SM Test Tool from a different box
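To see which of the messages in items (1), (2), (4) and (7) dominate a log before choosing a fix, the following script counts each signature and reports how the KeepAlive variable from item (3) will be interpreted. It is an added example, not part of the original article or the product; the function names and sample log lines are constructed, and treating an unset variable as a separate "unset" state is an assumption.

```shell
#!/bin/sh
# Added example: count the smps.log message signatures named on this page.

# Constructed sample lines; the bracketed prefix is a placeholder, not real smps.log format.
sample_log() {
cat <<'EOF'
[constructed-1] Error : '81' during search: 'error: Can't contact LDAP server'
[constructed-2] Failed to initialize TCP client connection. Socket error 107
[constructed-3] Failed to initialize TCP client connection. Socket error 107
[constructed-4] Bad security handshake attempt. Handshake error: 3154
[constructed-5] unrelated informational line
EOF
}

# Read log text on stdin and print one summary line with a count per signature.
triage() {
    awk -v ldap="Error : '81' during search" \
        -v sock="Socket error 107" \
        -v hs="Handshake error: 3154" \
        -v sess="failed with code - 1001" '
        index($0, ldap) { c["ldap_81"]++ }         # item (1): LDAP store connection closed
        index($0, sock) { c["socket_107"]++ }      # item (2): agent link lost, check network
        index($0, hs)   { c["handshake_3154"]++ }  # item (7): re-register with smreghost
        index($0, sess) { c["session_1001"]++ }    # item (4): see smtracedefault.log
        END {
            printf "ldap_81=%d socket_107=%d handshake_3154=%d session_1001=%d\n",
                c["ldap_81"], c["socket_107"], c["handshake_3154"], c["session_1001"]
        }'
}

# Interpret a SM_ENABLE_TCP_KEEPALIVE value using the rule in item (3):
# only 1 enables KeepAlives; any value other than 0 or 1 leaves them disabled.
keepalive_state() {
    case "${1-}" in
        1)  echo enabled ;;
        0)  echo disabled ;;
        "") echo unset ;;              # assumption: reported separately from 0
        *)  echo invalid-disabled ;;   # e.g. "true" or "yes" silently disables
    esac
}

sample_log | triage
echo "SM_ENABLE_TCP_KEEPALIVE: $(keepalive_state "${SM_ENABLE_TCP_KEEPALIVE-}")"
```

Run it against a real log with `triage < smps.log` from the account that starts the Policy Server, so the variable check reflects that process's environment.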