Symantec Access Management

Tech Tip : CA Single Sign-On : What are the possible handshake errors in policy server?

  • 1.  Tech Tip : CA Single Sign-On : What are the possible handshake errors in policy server?

    Broadcom Employee
    Posted 10-04-2018 05:01 AM

    Introduction:


    During policy server communication with agents there are many handshake errors can possibly show up in the logs. Here is the list of all possible error codes and its meanings

     

    Question:

     

    What are the possible handshake errors in policy server?

     

    Environment:

     

    Policy server (all supported platforms)

     

    Answer:

     

    Bad security handshake attempt. Handshake error: 3151 - Initial handshake with the agent is successful (you wont see this error message in the logs)
    Bad security handshake attempt. Handshake error: 3152 - Failed to receive client hello - Initial handshake is successful but policy server didnt receive hello message from agent.
    Bad security handshake attempt. Handshake error: 3153 - Bad Version - Client hello received but the hello message is not in correct length/format. non-FIPS hello is received by
    the policy server running in FIPS only mode.
    Bad security handshake attempt. Handshake error: 3154 - Client name does not match hash value - Shared secret sent by the agent is not correct/valid
    Bad security handshake attempt. Handshake error: 3155 - Failed to send server hello - Client hello message is received and validated but policy server failed to send server hello
    back to the agent. May be socket is not available to send server hello.
    Bad security handshake attempt. Handshake error: 3156 - Failed to receive client ack - Policy server sent server hello message to client but it didnt receive hello confirmation
    message from client.
    Bad security handshake attempt. Handshake error: 3157 - Bad encryption - There is some encryption/decryption issue while working on the handshake.
    Bad security handshake attempt. Handshake error: 3158 - Server exception caught during handshake attempt - One or more exceptions seen during handshake attempt.
    Bad security handshake attempt. Handshake error: 3159 - Client Disconnect - Socket was closed before receiving client hello.
    Bad security handshake attempt. Handshake error: 3160 - Bad host - Incorrect host name in the request (during validation of shared secret).

     

    Additional Information:

     

    This has been incorporated into the documentation. Please visit
    docops.ca.com for your version for updated information

     

    KB : KB000042071