New 6.0 SP5 and higher feature: Suspend Mode.

Document ID : KB000054131
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

I see "Suspend Timeout" and "Suspend State" in my 6.0 SP5 logs. what does this mean?

Solution:

Starting in 6.0 SP5 the Policy Server will no longer shut down immediately in the event of Key Store loss. This is due to a new feature known as Suspend Mode. This allows the Policy Server to process requests attained previous to the key store loss. All requests after this loss will not be honored. It will not allow new Web Agent connections until the suspend period ends. This can end one of two ways. The first is to have the key store come back online. The second is a time out of the suspension period followed by a clean shut down.

This is especially useful in environments where there is only one key store. When used in conjunction with multiple key stores you may notice the Policy Server enter this state as it fails over and resume immediately after a key store fail over.

To see what your timeout period is for suspend mode, which is in seconds, you may search your SMPS log for "The suspend timeout is" and you may search on "Setting the server suspend state" to see if you have ever entered this state. The reason will be a numeric reason code. To set the length of time that the Policy Server will wait for the Key Store to return before shutting down, you must adjust your SiteMinder registry. The key is located at "HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\PolicyServer" and is "SuspendTimeout REG_DWORD 0xe10" by default. This is in hex for the time value. The decimal equivalent is 3600. This is in seconds, so the default is one hour.

Following are the "Reason" codes that will be displayed in the SMPS.log for a Policy Server that has entered the Suspend State;

Reason Code 0 is a user forced suspend state (smpolicysrv -suspend/smpolicysrv -resume)
Reason Code 1 is significant of an agent key update failure
Reason Code 2 is significant of an agent key rollover failure
Reason Code 3 is significant of a shared secret rollover failure