Symantec Access Management

  • 1.  CA Access Gateway: Registration Failed

    Posted Aug 13, 2019 10:23 AM

    Hello,

    A little background: I am working on a project that has 2 separate Policy Servers (one internal environment, one external). Both are on Red Hat Linux. The internal and external Policy Servers are both using one Policy Store. I ran the ./smconsole command on the external Policy Server to make sure the connection was successful and that the Policy Server is up and running.


    I am trying to register my CA Access Gateway on Unix/Linux to the external trusted host (Policy Server). I ran the configuration installer (./ca-sps-config.sh). I put in the designated trusted host name, the HCO, the Policy Server IP address, the FIPS mode, the Host configuration file name, and the Host configuration file location. After those steps, I am prompted with the error message:


    "Registration Failed


    ------------------------------


    Though you may continue with configuration from this point, your CA Access Gateway will not work until you have registered this host with the Policy Server. It is strongly recommended that you review your information and complete the host registration."


    What is the solution to resolving this? Should I uninstall the software and reinstall? What are the workarounds? 


    Let me know, thanks!



  • 2.  RE: CA Access Gateway: Registration Failed
    Best Answer

    Broadcom Employee
    Posted Aug 13, 2019 10:32 AM
    Hi Tiffany,

    You don't need to reinstall the software as that will not affect the problem.  There could be several root causes of the error.

    The trusted host registration can be retried by using the smreghost command.  This may yield additional information in the error.  Here is the command syntax:

    smreghost -i policy_server_IP_address:[port] -u administrator_username -p administrator_password -hn hostname_for_registration -hc host_configuration_object
    Separate each command argument from its value with a space. Surround any values that contain spaces with double quotes (").

    Please note that only legacy administrators have the ability to register trusted hosts. Also note that when registering a trusted host via the Access Gateway config wizard, an existing trusted host cannot be overwritten, so either verify that the trusted host name you're registering does not already exist in the policy store, or use the -o argument when running the smreghost command (this will overwrite the existing trusted host).

    If you're providing valid legacy admin credentials with the command and it's still failing, the policy server logs may give more information regarding what is going wrong. 

    Regards,
    Pete Burant
    Broadcom Layer 7 Siteminder Support