Symantec Access Management

 View Only
  • 1.  Secure Proxy Server behind NAT - Unable to resolve fully qualified host name

    Posted Aug 08, 2014 06:31 AM

    Dear All,

     

    Apologies for flooding you guys so many question but I'm very new to SiteMinder and SPS.

     

    I have installed SiteMinder and SPS (both are 12.52 running on Redhat) in an internal network and have registered the SPS with SiteMinder. During registration of SPS, I entered the fully qualified name as the external IP xx.xx.xx.216. The internal IP for the SPS server is yy.yy.yy.216.

     

    I'm encountering HTTP 500 error when I try to access proxyui admin and saw the following error message from trace log:

     

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Entering the agent.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Virtual Host: default]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Using session scheme: default]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Using default user agent]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProcessRequest][Start new request.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmResourceManager::ProcessResource][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmHttpPlugin::ProcessResource][Resolved HTTP_HOST: 'xx.xx.xx.216:10081'.]

    [08/08/2014][17:12:58][2659][106998640][][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][xx.xx.xx.216:10081]

    [08/08/2014][17:12:58][2659][106998640][][CSmHttpPlugin::ResolveFQServerName: isIP][xx.xx.xx.216]

    [08/08/2014][17:12:58][2659][106998640][][CSmHttpPlugin::DoDNSLookup ][Entered Function server: xx.xx.xx.216, port: :10081]

    [08/08/2014][17:12:58][2659][106998640][][CSmHttpPlugin::DoDNSLookup Error: ][Temporary failure in name resolution]

    [08/08/2014][17:12:58][2659][106998640][][CSmHttpPlugin::DoDNSLookup ][Leaving Function]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmResourceManager::ProcessResource][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmExit.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmResourceManager::ProcessResource][Calling SM_WAF_SPS_PLUGIN->ProcessResource.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmResourceManager::ProcessResource][SM_WAF_SPS_PLUGIN->ProcessResource returned SmNoAction.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][CSmResourceManager::ProcessResource][Plugins did not collect required resource data.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProcessRequest][ResourceManager returned SmExit, end new request.]

    [08/08/2014][17:12:58][2659][106998640][][ReportHealthData][Accumulating HealthMonitorCtxt.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][Tomcat5SerializedAgentData::doResponse][HTTP Status Code = 500]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Exit status returned from the agent.]

    [08/08/2014][17:12:58][2659][106998640][621d9f32-6cee853d-e7f6e393-59324cad-691dac7b-2cd][ProxyValve::invoke][Leaving the agent.]



  • 2.  Re: Secure Proxy Server behind NAT - Unable to resolve fully qualified host name

    Posted Aug 11, 2014 05:51 AM

    Hi,

     

    Did you try to resolve the FQDN from the SPS server? It is able to do a correct DNS resolution for that IP address?

    You can double check the DNS servers definition in the network interface that it is correct, the DNS service itself and the correct DNS register is created correctly and replicated, and then do a simple "ping -a ***.***.***.216" and see what name returns from DNS. That should be the first to check.

     

    Hope it helps.

     




  • 3.  Re: Secure Proxy Server behind NAT - Unable to resolve fully qualified host name
    Best Answer

    Posted Aug 12, 2014 02:32 AM

    Hi Albert,

     

    Thanks for your reply. You are right that the external IP can not be resolved from SPS server due to NTA configuration at our client's environment.

     

    I have resolved this issue by disabling the DNSLookUp in WebAgent.



  • 4.  Re: Secure Proxy Server behind NAT - Unable to resolve fully qualified host name

    Posted Aug 12, 2014 04:16 AM

    Hi!

     

    I'm glad it was a resolution problem. It's easier to solve, right?

     

    Best regards