Symantec Access Management

Tech Tip : CA Single Sign-On :: Policy Server:AgentConnectionMaxLifetime read multiple times from policy store

By Ujwol posted 08-08-2016 02:43 AM



Policy Store Directory Server log shows a search for "CA.SM::$AgentConnectionMaxLifetime" in the Policy Store at regular interval.

After setting "KeepAgentConnections=0x2" in the CA SiteMinder registry, the policy server trace log started showing following :

[No such object][Handle='0xb293a28', Root='xpsParameter=CA.SM::$AgentConnectionMaxLifetime,ou=XPS,ou=policysvr4,ou=siteminder,ou=netegrity,', Scope=0, Filter='(xpsValue=*)', attrsonly=0]




  • Policy Server : R12.51CR6 and below, R12.52 SP1 CR1 and below
  • Policy Store : ANY LDAP


This is a known defect. This has been fixed in following policy server versions:

  • R12.51 CR7 and above.
  • R12.52SP1 CR02 and above

Policy server code has been now fixed to read this parameter only once during the policy server startup.

If the value for AgentConnectionMaxLifetime is changed via XPSConfig tool, this will need Policy server restart to reflect the changes.


Apply R12.52SP1 CR02  or R12.51 CR7  patch (or above) as applicable.


An workaround could be to manually set a local value for AgentConnectionMaxLifetime parameter via XPSConfig tool in all the Policy server.

To configure the maximum Agent connection lifetime

  • Open a command line on the Policy Server, and enter the following command:


The tool starts and displays the name of the log file for this session, and a menu of choices opens.

  • Enter the following command:


A list of options appears.

  • Enter the numeric value corresponding to the AgentConnectionMaxLifetime parameter: For example, 4.The AgentConnectionMaxLifetime parameter menu appears.
  • Type c to change the parameter value.

The tool prompts you whether to apply the change locally or globally.

  • Enter one of the following values:

l—The parameter value is changed for the local Policy Server only, overriding the global value.

g—The parameter value is changed globally for all Policy Servers (that do not have a local value override set) using the same policy store.

  • Enter the new maximum Agent connection lifetime, in minutes, for example:


  • The AgentConnectionMaxLifetime parameter menu reappears, showing the new value. If a local override value is set, both the global and local values are shown.
  • Enter Q three end your XPSConfig session.

Your changes are saved and the command prompt appears.

  • Restart the Policy Server.


Additional Information:

Configure Agent to Policy Server Communication Using a Hardware Load Balancer - CA Single Sign-On - 12.52 SP1 - CA Techn…

1 comment



08-08-2016 02:48 AM