CA PAMTech Tip by Margaret Anttila, Senior Support Engineer for June 15, 2017
A 402 error means the A2A client program is unable to connect to the client daemon.
- High CPU usage on the client machine
If the CPU usage is high on the machine, then a java program will keep trying until it can access the client daemon; however, a shell script will time out if it cannot access the daemon, and return an error 402, that it is unable to establish connection. There is a 120 seconds timeout for c/c++ stub. If it does not come back within 2 minutes, you will get a 402. This was applicable to clients releases 3.5.0 to 4.5.0. Beginning with 4.5.2 clients, there is still a timeout but it is reduced to 3 seconds for a connect timeout and set at 30000 seconds for a read timeout.
- Other errors causing the client to get a 402
Note that the catalina logs might not show a 402, but could show other errors that all take time to process, and could lead to a 402. For example, each 405 (cannot find target alias) takes more than 10 seconds, so several 405 errors could cause the daemon to be too busy to contact the server. At the time of the 402, investigate the catalina logs to see if there is an increased number of other errors that are keeping the daemon process busy.
3. Problems with Request Server host environment.
- Port 28088 needs to be open for application to client communication, as defined in the cspm_client_config file
- DNS - The Password Authority Server requires a DNS, Windows hosts, or /etc/hosts entry for each Password Authority Windows Proxy and Password Authority Client. Also, each Password Authority Windows Proxy and Password Authority Client requires a DNS or /etc/hosts entry for the Password Authority Server.
- Particular linux issue, related to DNS - Created a new linux image but did not install the NSCD RPM.