Advanced Policy Server Configuration

Contents
casso10
Contents
Configure the Policy Server to Retain Agent Connections Longer than Six Hours
By default, the Policy Server terminates the connection to agents after six hours. To configure the Policy Server to retain the connection between the Policy Server and agents longer than six hours, create the
KeepAgentConnections
registry key in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer
KeepAgentConnections
The KeepAgentConnections setting lets the Policy Server stay connected with the Agent after six hours.
Options:
 Set the registry key to one of the following values. In the descriptions, TTL is the time-to-live.
0
- After the TTL expires, the Policy Server closes the agent connection by sending a TCP FIN packet to the Agent. 
1
- Do not close the Agent connections based on the TTL setting.
2
- After the TTL expires, the Policy Server closes the agent connection by sending a TCP RST packet to the Agent.
Configure the Policy Server to Rechallenge a Locked Out User
Create the RechallengeDisabledUser registry key to configure the Policy Server to maintain a consistent behavior for the URL and error messages that are displayed in the following conditions:
  • When a user logs in to a locked out account
  • When a user logs in with invalid credentials
RechallengeDisabledUser
Determines whether a user must be challenged after the account gets locked out. Set this registry key at the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer
If set to 1, the user is challenged continuously even if the account is locked out. If set to 0, the user is displayed an invalid credentials or account locked message after the set number of attempts.