Symantec Access Management

  • Private Community
 View Only

  • 1.  Getting 500 error on IIS website after siteminder agent installation

    Posted Jun 01, 2020 04:50 AM
    Hello All,

    I have done web agent installation on the IIS 7.5 windows 2008 64 bit server and installation went fine and couldn't see any issues in the installation logs and could see the trusted host reflecting in the Admin UI. But when we enable the web agent the site goes down and we start getting 500 error and when we disable the agent website starts working fine.

    Have checked the siteminder agent ISAPI filter on the website is at the top and we also it's at top of the list in Handler mapping, we are using Siteminder 12.5 SP2.

    What could be the issue here? can you please share your comments.

    Thank You
    Ankur Taneja


  • 2.  RE: Getting 500 error on IIS website after siteminder agent installation
    Best Answer

    Broadcom Employee
    Posted Jun 01, 2020 04:23 PM

    HI Ankur,

    It sounds like the agent is failing to initialize.  Agent initialization failure can occur for a variety of reasons.  Check the Event Viewer's Application Log for the error that is occurring.  It may be a somewhat generic failure with the agent unable to load the SmHost.conf or Agent Configuration Object (ACO), in which case you will need to check all the startup details/conditions.

    When the web server starts, the agent first reads the WebAgent.conf file.  Assuming the agent is enabled, it will next load the SmHost.conf file.  This results in the agent connecting to one of the bootstrap servers from SmHost.conf.  From that bootstrap server the agent will load the Host Configuration Object (HCO) and connect to each policy server in that HCO.  From one of those policy servers the agent will download the ACO at which point initialization will be complete.

    Using the sequence above, check every detail along the sequence.  A typo in the HCO or ACO name will cause an initialization failure.  WebAgent.conf will reside in the IIS/bin folder, and this file points to the location of SmHost.conf.  If checking all the file locations and object names doesn't lead you to a cause/solution, check the policy server's smps.log to see if the agent may be experiencing a connection issue.  If you see handshake failures, you may need to reregister the agent (trusted host).  

    For IIS agents that are not initializing properly, you may need to add the AgentWaitTime parameter to your WebAgent.conf file.  Details can be found here:
    https://knowledge.broadcom.com/external/article?articleId=41408

    Regards,
    Pete


    Original Message


  • 3.  RE: Getting 500 error on IIS website after siteminder agent installation

    Posted Jun 08, 2020 07:29 AM
    Hello Peter,

    Thank you for the reply.

    Yes, after looking at Event Viewer could find error that unable to load ACO. Checked the ACO name again and it was different from what was configured. After changing that it worked fine.

    Thanks Again
    Ankur Taneja
    Original Message


  • 4.  RE: Getting 500 error on IIS website after siteminder agent installation

    Posted Jun 29, 2020 08:43 AM
    Hello Peter,
    I have a question on below: 
    "When the web server starts, the agent first reads the WebAgent.conf file.  Assuming the agent is enabled, it will next load the SmHost.conf file.  This results in the agent connecting to one of the bootstrap servers from SmHost.conf.  From that bootstrap server the agent will load the Host Configuration Object (HCO) and connect to each policy server in that HCO.  From one of those policy servers the agent will download the ACO at which point initialization will be complete. "

    When we have multiple policy servers in the SmHost.conf, which one the Webagent will connect to? 
    Original Message