Symantec Access Management

Tech Tip : CA Single Sign-On : Sm_AgentApi errors


    Broadcom Employee
    Posted Oct 04, 2018 04:55 AM

    Issue:

     

    We're running a Web Agent, and we see the errors below in the Web Agent log:


    [ERROR] LLA: SiteMinder Agent Api function failed -'Sm_AgentApi_IsProtectedEx' returned '-1'.

    [ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-2'.

    [ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-1'.

    Why do we have those errors? What do they mean?

     

    Cause:

     

    Sm_AgentApi_LoginEx is an Agent API function call made by the agent. It can return error code -1 or -2:
    * -1 means that the Web Agent failed to communicate with the Policy Server
    * -2 means connection timeout

    'Sm_AgentApi_IsProtectedEx' is also an Agent API function call; the agent uses it to check whether the accessed resource is protected.
    Error codes returned:
    * -1 indicates that the Policy Server could not be reached.
    * -2 indicates that the Policy Server connection timed out.
    These are quite generic error messages. They basically indicate one of the following:

    1. The Policy Server was down.
    2. The Policy Server was not responding to the agent because it was busy and lacking resources, so the agent request timed out.
    3. The agent request is not reaching the Policy Server, or the request is timing out, due to network latency.

     

    Resolution

     

    1. Verify whether the corresponding Policy Server was too busy or lacking resources during the timeframe of these errors, and also check whether there were any network issues that prevented the agent from communicating with the Policy Server and caused it to log these errors.
    2. To accommodate network latency, you can increase the value of the "AgentWaitTime" parameter in the Agent configuration (ACO).
    For more information on this parameter, refer to the documentation link below:
    https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/basic-agent-setup-and-policy-server-connections#BasicAgentSetupandPolicyServerConnections-AccommodateNetworkLatency


    Additional Information:

     

    Also refer to the KB article:

    Agent Api function failed when load balancer is introduced between agent and policy server
    https://comm.support.ca.com/kb/agent-api-function-failed-when-load-balancer-is-introduced-between-agent-and-policy-server/kb000038141

     

    This has been incorporated into the documentation. Please visit
    docops.ca.com for your version for updated information.

     

    KB : KB000045157
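
    As an added example (not part of the original tech tip or of the product), the following Python sketch tallies the Agent API failures quoted above by function and return code, and reports what share of them are timeouts (-2), which is the case the "AgentWaitTime" change addresses. The function names and the extra sample lines are assumptions made for illustration; the first three sample lines are the ones quoted in the tip.

```python
import re
from collections import Counter

# Return-code meanings as stated in the tech tip.
MEANING = {
    "-1": "agent could not reach the Policy Server",
    "-2": "Policy Server connection timed out",
}

# Matches the error lines quoted in the tip. Spacing around the hyphen
# varies in the log, so whitespace is optional on both sides of it.
LINE_RE = re.compile(
    r"\[ERROR\]\s+LLA:\s+SiteMinder Agent Api function failed\s*-\s*"
    r"'(?P<func>Sm_AgentApi_\w+)'\s+returned\s+'(?P<code>-?\d+)'"
)

def tally_agent_api_errors(lines):
    """Count failures per (function, return code) in Web Agent log lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[(m.group("func"), m.group("code"))] += 1
    return counts

def timeout_share(counts):
    """Fraction of matched failures that are timeouts (-2); 0.0 if none."""
    total = sum(counts.values())
    timeouts = sum(n for (_, code), n in counts.items() if code == "-2")
    return timeouts / total if total else 0.0

def summarize(counts):
    """Readable rows, most frequent first."""
    rows = []
    for (func, code), n in counts.most_common():
        meaning = MEANING.get(code, "return code not covered by the tech tip")
        rows.append(f"{n:>4}  {func} returned {code}: {meaning}")
    return rows

# First three lines are quoted from the tip; the last two are constructed.
SAMPLE_LOG = """\
[ERROR] LLA: SiteMinder Agent Api function failed -'Sm_AgentApi_IsProtectedEx' returned '-1'.
[ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-2'.
[ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-1'.
[ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_LoginEx' returned '-2'.
[INFO] constructed unrelated line that must be ignored
""".splitlines()

if __name__ == "__main__":
    counts = tally_agent_api_errors(SAMPLE_LOG)
    print("\n".join(summarize(counts)))
    print(f"timeout share: {timeout_share(counts):.0%}")
```

    A high timeout share points toward latency or a busy Policy Server; a high share of -1 points toward the Policy Server being down or unreachable.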