Symantec Access Management

 View Only
  • 1.  CA RISK MINDER and SPS

    Posted Jul 09, 2016 08:22 AM
      |   view attached

    Hello All,


    I am having issue accessing proxyui/SPS to work,in logs i see tomcat connection refused in modjk logs.


    So It should be because arcot thing.


    <Context name="AALoginService">





           <Context name="Advanced Auth Application">





           <Context name="UI Application">





    I disabled above things.

    I then tried starting Riskminder service, it says CA riskminder started and then stopped error .


    I have attached logs for your reference.


    Can you please help me what could be the possible solution to avoid this and get all worked.


    SPS :12.52 SP1 (install and config successfull, server.log and nohup logs looks good)

    If i access Proxyui url or assertion retrieval ,it gives me site not found / Error 503.


    SM:12.52 SP2


    I have those in different machines.


    I have attached modjk logs and cariskminderstartup logs.


    Iam having issues starting CA RiskMinder service it says as below:


    Please help




    Ankit Jain


  • 2.  Re: CA RISK MINDER and SPS
    Best Answer

    Posted Jul 09, 2016 02:08 PM



    If RM is not configured correctly by running Policy Server Configuration Services, then RM services won't start. You can look at the <PS_HOME>/aas/logs folder and check why it is failing. The simplest option to run the Policy Server configuration wizard and skip all the options (e.g. PStore, WebServer, OV etc).


    Even if you leave RM in shutdown state, once we disable the values in server.conf within CA Access Gateways; the CA Access Gateway services should start up.


    To get all working,


    1. Run PS Configuration Wizard (note : skip everything e.g. PStore, WebServer, OV etc).

    2. Start Policy Server Services. Check <PS_HOME>/aas/logs. Now the RM logs should say SERVICE READY.

    3. Go to server.conf. Enable values. Stop and Start SPS. If SPS does not still. Then delete SPS and SPS_AAS trusted host objects from Policy Server. Then re-run SPS Configuration wizard (note : if you re-run SPS configuration wizard all setting will be brought back to OOB SPS e.g. if you configured SSL, then it would be lost and you'd need to setup SSL again).

  • 3.  Re: CA RISK MINDER and SPS

    Posted Jul 13, 2016 07:11 AM

    Hello Hubert,


    I have installed and configured SPS in windows 2012.

    In server conf I have disabled advanced auth,uiapp. But still I am not able to get anything when accessing or



  • 4.  Re: CA RISK MINDER and SPS

    Posted Jul 13, 2016 08:56 AM



    Please check the following.


    • Run "netstat -an | more" in a command window and check if all necessary ports have been opened.
    • Check the nohup.log and server.log for any startup and initialization errors.
    • Could we enable logging in ACO i.e. LogFile and TraceFile parameters - then see if those log file are getting generated when we stop and start SPS services.
    • Check the windows firewalls settings on the Server. Disable them and test.
    • Try accessing the ProxyUI from the Desktop and laptop, instead of accessing from within the server. Alternatively try accessing from within the server too.
    • Check if the Policy Domain to protect ProxyUI was created and that we have done the necessary modifications in the Policy Domain to associate the User directory + add it to Policy.




  • 5.  Re: CA RISK MINDER and SPS

    Posted Jul 13, 2016 09:20 AM
      |   view attached

    Hello Hubert,


    I see 8080 port is opened.

    C:\Users\Administrator>netstat -na | find ":8080"

      TCP               LISTENING

      TCP    :8080              :0                 LISTENING



    Also SPS logs in ACO is enabled and they are generating without any errors.


    And dont see any errors on server.log and nohup logs.


    But I still see site not found error.


    I have added host entry as well.








    *Ankit Jain *|  IAM Engineer |  +91 9741336404

    Identity:  Secure, Intelligent, Managed


    On Wed, Jul 13, 2016 at 6:26 PM, HubertDennis <

  • 6.  Re: CA RISK MINDER and SPS

    Posted Jul 13, 2016 09:56 AM

    Would it be possible to attach the log files and server.conf - I could take a quick look.


    NOTE : This is a public forum and I'd request if it is production then not to upload the logs. If it is pre-prodn, then remove any sensitive information.

  • 7.  Re: CA RISK MINDER and SPS

    Posted Jul 24, 2016 01:48 AM

    Hi Ankit,


    Going a step back.

    If you have disabled the Arcot component on SPS side, why are you trying to start it at Policy server side.

    They work together ONLY.


    So, if you are going to use session assurance feature, yes you would need to fix the Riskminder startup at both PS and SPS side but if you are not going to use it you can just disable the service on both the side.