Hi,
I am trying to find out the reason for the below errors in smps.log. This error is continuously logged in the smps logs. I did check the CA support articles, and they say this error could occur if the shared secret of the agent is out of sync.
Here is a brief of the environment I have:
a. Two policy servers to which the agent connects.
b. Key generation enabled only on one policy server.
c. Dynamic agent key rollover once per day enabled on the policy server which has key generation enabled.
d. Shared Secret rollover not enabled on any of the policy servers.
Errors in smps logs:
[5908/4632][Mon May 04 2015 10:48:02][CServer.cpp:1965][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3152
[5908/4632][Mon May 04 2015 10:48:02][CServer.cpp:1972][ERROR][sm-Tunnel-00030] Handshake error: Failed to receive client hello. Socket error 0
Solution that is given in the CA article:
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec455943.aspx
The solutions are:
1) To delete the trusted host in the policy server.
2) To delete SmHost.conf from the web server.
3) Run the agent configuration wizard again to create a new trusted host with a new SharedSecret.
Questions:
1. Is there any problem in the key generation setup that I am using in my environment?
2. If I have not enabled shared secret rollover, then how can the shared secret go out of sync with the policy server? Does it have anything to do with the encryption key?
3. I have tried re-registering the agent multiple times, but this error is persistent. Any suggestions?
Regards,
Neeraj Tati