Symantec Access Management

Tuesday Tip by Gene Howard, Principal Support Engineer for 3-13-2012

What is AgentWaitTime?

It specifies the number of seconds that the Web Agent waits for the Low Level
Agent Worker process (LLAWP) to become available. When the interval expires
the Web Agent tries to connect to the Policy Server. Setting this parameter
may help resolve agent start-up errors related to LLAWP connections.

In order for the AgentWaitTime to take affect it must be set in the
WebAgent.conf file as this value is used PRIOR to the ACO information
being downloaded.

If it is not set in WebAgent.conf, the default value of 30 seconds is used.

Based on our best practice research and discussing with CA Technologies Engineering, this is a reasonable estimate for the value to be set:

AgentWaitTime = (Number of Policy servers listed in SmHost.conf -1) + (Number of Policy Servers listed in HCO -1) * 30 Seconds +10 Seconds OR 70 Seconds, whichever is greater.

Hi Gene,

I recently encountered the following error (in Event Viewer): "Failed to initialize the message bus." (http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec531127.aspx ) being thrown from a Siteminder Web Agent. I applied AgentWaitTime = 70 in the Webagent.conf file but still got the same error. After working with CA support, we found that the issue was AgentWaitTime being set in both (1) the ACO on the policy server and (2) the Webagent.conf file. Can you or one of your peers help me answer the following questions?

1) What is the purpose of AgentWaitTime in the ACO?

2) If AgentWaitTime it is set as '5' in the ACO, and AgentWaitTime is not set in the Webagent.conf file, what is the expected behavior of LLAWP when it starts on the Web Agent? Assuming 2 policy servers in the HCO and 2 in the SMHOST.conf.

Thanks,

Andy

Hi Andy,

Let me answer that for you.

1) What is the purpose of AgentWaitTime in the ACO?

Ujwol => This has been described in the title post in the current thread. Let me know if you need any further clarificaitons.

2) If AgentWaitTime it is set as '5' in the ACO, and AgentWaitTime is not set in the Webagent.conf file, what is the expected behavior of LLAWP when it starts on the Web Agent? Assuming 2 policy servers in the HCO and 2 in the SMHOST.conf.

Ujwol =>

As stated above, AgentWaitTime defines the time the LLAWP waits to initialize. As the ACO is present in policy store, it might happen that Agent might not have even read the ACO when it is initializing.

If you don't specify AgentWaitTime in the WebAgent.conf then depending upon the FIPS mode, it will go by the default minimum AgentWaitTime.

In FIPS Only mode, the default minimum AgentWaitTime = 20 seconds

In all other FIPS mode, the default minimum AgentWaitTime = 5 seconds

It is best to specify the same value of the AgentWaitTime in both WebAgent.conf and ACO.

Cheers,

Ujwol

Gene,

In this example you used to following formula to calculate it.

AgentWaitTime = (2 -1) + (4-1) * 30 Seconds +10 Seconds OR 70 Seconds, whichever is greater

I dont understand how it computes to 240. My calculation says 101. Here is my calculation.

AgentWaitTime  = 1 + 3*30 + 10 = 1 + 90 + 10 = 101

Am I missing anything here?

Praveen,  There is a typo in the original formula.  It should be like this.

AgentWaitTime = { [ (Number of Policy servers listed in SmHost.conf -1) + (Number of Policy Servers listed in HCO -1) ] * 30 Seconds +10 Seconds } OR 70 Seconds, whichever is greater.

Best wishes. - Vijay