XPS parameter "AgentConnectionMaxLifetime" is being read continuously from policy store

Document ID : KB000045441
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

Policy Store Directory Server log shows a search for "CA.SM::$AgentConnectionMaxLifetime" in the Policy Store at regular interval.

After setting "KeepAgentConnections=0x2" in the CA SiteMinder registry, the policy server trace log started showing following :

[No such object][Handle='0xb293a28', Root='xpsParameter=CA.SM::$AgentConnectionMaxLifetime,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,o=aa.com', Scope=0, Filter='(xpsValue=*)', attrsonly=0]

 

Environment:

Policy Server : R12.51CR6 and below, R12.52 SP1 CR1 and below

Policy Store : ANY LDAP

Cause:

This is a known defect. This has been fixed in following policy server versions:

  • R12.51 CR7 and above.
  • R12.52SP1 CR02 and above

Policy server code has been now fixed to read this parameter only once during the policy server startup.

If the value for AgentConnectionMaxLifetime is changed via XPSConfig tool, this will need Policy server restart to reflect the changes.

Resolution/Workaround:

Apply R12.52SP1 CR02  or R12.51 CR7  patch (or above) as applicable.

Workaround:

An workaround could be to manually set a local value for AgentConnectionMaxLifetime parameter via XPSConfig tool in all the Policy server.

To configure the maximum Agent connection lifetime

  1. Open a command line on the Policy Server, and enter the following command:

    xpsconfig

    The tool starts and displays the name of the log file for this session, and a menu of choices opens.

     

  2. Enter the following command:

    sm

    A list of options appears.

     

  3. Enter the numeric value corresponding to the AgentConnectionMaxLifetime parameter: For example, 4.
    The AgentConnectionMaxLifetime parameter menu appears.
  4. Type c to change the parameter value.
    The tool prompts you whether to apply the change locally or globally.
  5. Enter one of the following values:
    • l - The parameter value is changed for the local Policy Server only, overriding the global value.
    • g -The parameter value is changed globally for all Policy Servers (that do not have a local value override set) using the same policy store.
  6. Enter the new maximum Agent connection lifetime, in minutes, for example:

    360

    The AgentConnectionMaxLifetime parameter menu reappears, showing the new value. If a local override value is set, both the global and local values are shown.

     

  7. Enter Q three times.to end your XPSConfig session.
    Your changes are saved and the command prompt appears.
  8. Restart the Policy Server.

Additional Information:

https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/administrating/configure-agent-to-policy-server-communication-using-a-hardware-load-balancer