Tech Tip : CA Single Sign-On : Sm_AgentApi errors

Discussion created by Patrick-Dussault Employee on Oct 4, 2018



We're running a Web Agent, and we see below errors in the webagent log

[ERROR] LLA: SiteMinder Agent Api function failed -'Sm_AgentApi_IsProtectedEx' returned '-1'.

[ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-2'.

[ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-1'.

Why do we have those errors ? What do they mean ?




Sm_AgentApi_LoginEx, is function call of agent. This function has -1 or -2 error code return.
*-1 means that webagent failed to communicate with the policy server
*-2 means connection timeout

'Sm_AgentApi_IsProtectedEx' is also a function call of agent to check whether accessed resource is protected or not.
Error code return:-
*-1 indicates that the Policy Server could not be reached.
*-2 indicated Policy Server connection is timeout.
These are quite generic error messages. These basically indicate that..

1 either the Policy Server was down
2 *OR* was not responding to the agent due to being busy and lack of resources and as a result the agent request timeout occurs
3 The agent request is not reaching to the policy server or the request is timing out, due to network latency.




1. Please verify if the corresponding policy server was too busy or lacking resources during these error timeframe and also check if was there were any network issues, due to
which agent could not communicate with policy server and logged these errors.
2. Also in order to accommodate network latency, you can increase the value of "AgentWaitTime" parameter in the Agent configuration (ACO).
For more information on this parameter, refer below documentation link:-

Additional Information:


Also refer KB Article:

Agent Api function failed when load balancer is introduced between agent and policy server


This has been incorporated into the documentation. Please visit for your version for updated information


KB : KB000045157