Layer7 Access Management

Expand all | Collapse all

Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

  • 1.  Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-13-2015 01:58 PM

    from httpd logs/error_log

     

    CSmLowLevelAgent: Permission denied

    cannot open file: /home/sqa/CA/webagent/resources/AgentFramework_en.properties

    [13/Jul/2015:13:54:49] [Error] SiteMinder Agent

            Failed to Start the LLAWP process.

            LowLevelAgent.LLAWPExec.Failed (Invalid argument)

     

     

    I have referenced the other postings related to this error, but they have not helped me. I have setting the permissions on the .properties file to many different permissive settings, but the error happens none-the-less.

     

    Any advice?

     

    More details can be provided as necessary.



  • 2.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-13-2015 02:04 PM

    Does user using which you are running webserver say apache has permission over SmHost.conf and WebAgent.conf ?

    Do you see any registratipon failed error in smps.log ?

     

    Thanks & Regards,

    Ankush



  • 3.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-13-2015 03:20 PM

    [2835/4151785184][Mon Jul 13 2015 12:06:06][CServer.cpp:7607][INFO][sm-Server-04190] Setting the server suspend state for reason 4. The server will stop serving requests.

     

    Is the only error-type message in smps.log.

     

     

    The WebAgent.conf file in the webserver directory has the correct permissions, as does the SmHost.conf....what about WebAgent.conf that is in the ../CA/siteminder directory?



  • 4.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-14-2015 03:42 AM

    as you are working on linux, check for the location of httpd.conf, say /opt/apache/conf. Ideally webagent.conf will be present in that path.

    Check user and group in httpd.conf and see if same user and group has access to WebAgent.conf and SmHost.conf.

     

    Hope this should resolve the issue.

     

    Thanks,

    Ankush



  • 5.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-13-2015 07:55 PM

    We had a similar issue which happened because of not having proper permissions set for the SiteMinder folder. Basically the user running Apache is different from the user that installed SiteMinder binaries. Ownership is different and permissions weren't enough. You can give it a try changing the permissions of the SiteMinder folder.



  • 6.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-13-2015 07:58 PM

    The issue you mentioned seem to be a known issue that has been addressed in later release (R12.52 SP1):

     

    LLAWP Process not Checking Group Ownership (54019)

    Symptom:

    LLAWP is unable to open the file which has group ownership even if the user is present in that particular group.

    Solution:

    This is no longer an issue. Set the GUID of the user while spawning the LLAWP process.

    STAR issue: 21236749-1

     

    The message from Policy Server, you mentioned in last update is not an error. It is a stage whereby Policy Server stops serving requests till it successfully initialized.

     

    Best regards,

    Kelly



  • 7.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-27-2015 07:33 PM

    As indicated, this issue is applicable only when the files (SiteMinder directory) has group ownership instead of individual user.

    If this is the case, then you can workaround this issue by granting direct access to the user under which you are running Apache.



  • 8.  Re: Red Hat linux: CA Webagent fails to start w/ LLAWP permission errors

    Posted 07-26-2015 12:21 AM

    Hi Zestep,

     

    Please let us know if you have had a chance to test with R12.52 SP1 release to confirm if your problem is related to the known issue we pointed out earlier.

     

    Best regards,

    Kelly