Symantec Access Management

We have a server (server A)  that is configured to protect everything under the /protected/ folder using the v6.0.0.500 web agent for IIS. Siteminder is successfully working and users are able to successfully login to this resource.  We have configured  another server (server  B)  identically to server A with the exception of the web agent version, which is v6.0.513.392. The realms. rules, policies, and authentication scheme are identical.  The issue we are experiencing is that when  we attempt to access the /protected/* resource on server B, we are presented with the custom login form, but the  TARGET portion of the URL is different than when we access server A.  Server A URL displayed when the login form is presented:...TARGET=$SM$http%3a%2f%2fwwdotprod10%2ewonderware%2ecom%2fprotected%2fservervariables%2easp  Server B URL displayed when the login form is presented:...TARGET = -SM- http%3a%2f%2fwwdotprod10vs%2ewonderware%2ecom%2fprotected%2fservervariables%2easp %2c%2fprotected%2fservervariables%2easp   Notice the differences (highlighted in red) between the two URLs. Upon successfull authentication the user is presented with:http://wwdotprod10vs.wonderware.com/protected/servervariables.asp,/protected/servervariables.asp. This obviously is not the correct URL and results in a Page Not Found error. If we remove the comma and everything after it the page is successfull displayed.  We have double checked the configuration settings on the policy server for both domains and verified that they are identical. We have also verified that the IIS settings for the web agent DLL are the same on both servers. We have never experienced this behavior before and do not know what else to check

The $$SM$$ compared to the -SM- is due to the old framework agents compared to the newer framework agents... take a look at the LegacyEncoding setting in the Agent config, as that discusses the difference a bit.    as for the comma and the extra URI, are you sure (by looking at the HTTP responses with a something like ieheaders or fiddler that you are only ever getting redirected to the login page once?   I have seen cases where people are not properly decoding the smencoding in a login page and they end up with repeated URLs in the target.  Also is the login page itself on the 6 SP5 agent or on the 6 SP5 CR 13 agent?   if you are still having this problem with the fcc on the CR 13 agent then you may want to try the latest CR29 IIS agent, yu can download it from the support site.   I dont know for certain if there was something broken here that was recently fixed but it always helps as a data point.            

 On Server B , Make sure you   have the Siteminder Agent Filter   set only once .     I mean , When you install and configure the Webagent ,         By default , there will be a ISAPI filter for SM Webagent   set at "Web Sites" Level.                                 If you have the   filter set at "Default WebSites" too, then you will see the URI part Twice.    Make sure you have this filter only once.   Either at "Web Sites" Level   or "Default Web Site" Level.    ThanksKrish.