Patrick-Dussault

Tech Tip : CA Single Sign-On : What are the possible handshake errors in policy server?

Discussion created by Patrick-Dussault Employee on Oct 4, 2018

Introduction:


During policy server communication with agents there are many handshake errors can possibly show up in the logs. Here is the list of all possible error codes and its meanings

 

Question:

 

What are the possible handshake errors in policy server?

 

Environment:

 

Policy server (all supported platforms)

 

Answer:

 

Bad security handshake attempt. Handshake error: 3151 - Initial handshake with the agent is successful (you wont see this error message in the logs)
Bad security handshake attempt. Handshake error: 3152 - Failed to receive client hello - Initial handshake is successful but policy server didnt receive hello message from agent.
Bad security handshake attempt. Handshake error: 3153 - Bad Version - Client hello received but the hello message is not in correct length/format. non-FIPS hello is received by
the policy server running in FIPS only mode.
Bad security handshake attempt. Handshake error: 3154 - Client name does not match hash value - Shared secret sent by the agent is not correct/valid
Bad security handshake attempt. Handshake error: 3155 - Failed to send server hello - Client hello message is received and validated but policy server failed to send server hello
back to the agent. May be socket is not available to send server hello.
Bad security handshake attempt. Handshake error: 3156 - Failed to receive client ack - Policy server sent server hello message to client but it didnt receive hello confirmation
message from client.
Bad security handshake attempt. Handshake error: 3157 - Bad encryption - There is some encryption/decryption issue while working on the handshake.
Bad security handshake attempt. Handshake error: 3158 - Server exception caught during handshake attempt - One or more exceptions seen during handshake attempt.
Bad security handshake attempt. Handshake error: 3159 - Client Disconnect - Socket was closed before receiving client hello.
Bad security handshake attempt. Handshake error: 3160 - Bad host - Incorrect host name in the request (during validation of shared secret).

 

Additional Information:

 

This has been incorporated into the documentation. Please visit
docops.ca.com for your version for updated information

 

KB : KB000042071

Outcomes