Set the EnableKeyUpdate Registry Key

In an environment where multiple Policy Servers connect to disparate policy stores but share a central key store, and a single Policy Server generates the encryption keys, an additional registry setting is required. This registry setting configures each Policy Server to poll the common key store and retrieve new encryption keys at a regular interval.

To configure the EnableKeyUpdate registry key on a Windows Policy Server

  1. From the Windows Start menu, select Run.
  2. Enter regedit in the Run dialog box and click OK.
  3. In the Registry Editor, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
    
  4. Change the following registry value:

    "EnableKeyUpdate"=0

    to

    "EnableKeyUpdate"=1

  5. Restart the Policy Server.
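
The Windows steps above can also be scripted so the change is checked before it is made and is repeatable on each Policy Server. The following is an added example, not CA-supplied code; the function names `Get-EnableKeyUpdate` and `Enable-KeyUpdate` are hypothetical, and the script assumes the value already exists under the key shown in step 3.

```powershell
# Added example (not CA code). Key path and value name come from the steps above.
$KeyPath   = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore'
$ValueName = 'EnableKeyUpdate'

function Get-EnableKeyUpdate {
    param([string]$Path = $KeyPath)
    # Returns the current value, or $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Enable-KeyUpdate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $KeyPath)

    $current = Get-EnableKeyUpdate -Path $Path
    if ($null -eq $current) {
        # The procedure changes an existing value, so a missing value is
        # reported rather than created with a guessed type.
        throw "$ValueName not found under $Path; check the Policy Server installation."
    }
    if ($current -eq 1) {
        Write-Output "$ValueName is already 1; no change made."
        return
    }
    if ($PSCmdlet.ShouldProcess("$Path\$ValueName", "Set to 1 (was $current)")) {
        Set-ItemProperty -Path $Path -Name $ValueName -Value 1
        Write-Output "$ValueName changed from $current to 1. Restart the Policy Server to apply."
    }
}

# Dry run: shows what would change. Remove -WhatIf and run elevated to apply.
Enable-KeyUpdate -WhatIf
```

The script does not restart the Policy Server; step 5 still has to be carried out after the value changes.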

To configure the EnableKeyUpdate registry key on a UNIX Policy Server

  1. Navigate to:
    install_directory/siteminder/registry
    
  2. Open sm.registry in a text editor.
  3. Locate the following text in the file:
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
    
  4. Change the following registry value:

    "EnableKeyUpdate"=0

    to

    "EnableKeyUpdate"=1

  5. Restart the Policy Server.

More information:

Multiple Policy Stores with a Common Key Store


Copyright © 2010 CA. All rights reserved.