Hi Marubun Support,
Web agent connections to the policy server are persistent and remain as long as they are active. The policy server will sever idle web agent connections after ten minutes (this is configurable in the Policy Server Management Console).
Assuming that the needed number of agent connections on each policy server has been properly calculated, the most common reason for exceeding the connection limit is a bottleneck with the policy server accessing the user stores. Slow responses from user stores can cause web agent requests to the policy server to time out. If a web agent request to the policy server times out, the web agent will resend the request on a new connection. This can lead to a connection build up on the policy server if too few agent requests are being serviced prior to the agent request timeout. When this situation occurs, the policy server's request queue can be flushed via the smpolicysrv command: smpolicysrv -flushrequests
The following KB article has detailed information regarding how to calculate the needed number of connections on the policy server (the focus is Prefork mode, however, the more common Worker mode is also covered):
https://knowledge.broadcom.com/external/article?articleId=44953
This KB article has more detailed information regarding how to tune the system as a whole to prevent running out of agent connections:
https://knowledge.broadcom.com/external/article?articleId=198329
Regards,
Pete