Symantec Access Management

  • 1.  IWA server startup issue

    Posted Aug 17, 2016 02:03 AM

    Created on behalf of : ANIL CHARUGUNDLA

    This is in continuation to thread: XPSIMport fails during patching

     

    One last follow up: Appreciate any insight as usual.

    My IWA server had issues coming up after this switch. All the other webagents seem to work fine, although all of the rest of them are non-windows.

    Policy server shows no logs about this event, shows no connections from this agent either.

    Event Viewer has no issues, shows successful initialization of Agent. However, after a few mins the agent dies:

     

    agent:

     

    [6200/6212][Wed Aug 17 2016 00:23:12][CSmAdminManager.cpp:250][INFO][sm-AgentFramework-00280] ADMIN: Administration Manager initialized.

    [6200/6212][Wed Aug 17 2016 00:23:12][CSmHighLevelAgent.cpp:192][INFO][sm-AgentFramework-00380] HLA: Initialization complete.

    [6200/6232][Wed Aug 17 2016 00:23:13][CSmLowLevelAgent.cpp:546][ERROR][sm-AgentFramework-00520] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-1'.

    [6200/6232][Wed Aug 17 2016 00:23:13][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Low Level Agent'.

    [6200/6232][Wed Aug 17 2016 00:23:13][CSmHighLevelAgent.cpp:1010][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Session Manager'.

    [6200/6352][Wed Aug 17 2016 00:27:38][CSmHighLevelAgent.cpp:206][INFO][sm-AgentFramework-00390] HLA: Stopping.

    [6200/6352][Wed Aug 17 2016 00:27:38][SmPlugin.cpp:103][INFO][sm-AgentFramework-00180] Agent Framework plug-in 'SM_WAF_HTTP_PLUGIN' shutdown.

    [6200/6352][Wed Aug 17 2016 00:27:38][SmAgentAPI.cpp:1671][INFO][sm-AgentFunc-00040] Agent API has been released.

    [6376/6380][Wed Aug 17 2016 00:27:59][LLAWorkerProcess.cpp:1916][INFO][sm-AgentFramework-00690] LLAWP: Stopping.

    [6376/6380][Wed Aug 17 2016 00:27:59][SmAgentAPI.cpp:1671][INFO][sm-AgentFunc-00040] Agent API has been released.

    [6376/6412][Wed Aug 17 2016 00:27:59][LLAWPMsgBus.cpp:512][INFO][sm-AgentFramework-00670] LLAWP: Message bus stopped.

    [6376/6408][Wed Aug 17 2016 00:27:59][LLAWPLogQ.cpp:719][INFO][sm-AgentFramework-00640] LLAWP: Tracing stopped.

    [6376/6408][Wed Aug 17 2016 00:27:59][LLAWPLogQ.cpp:723][INFO][sm-AgentFramework-00600] LLAWP: Logging stopped.

     

    Trace.log:

     

    [08/17/2016][00:23:13][6200][6232][CSmHighLevelAgent.cpp:1017][ProcessAdvancedAuthentication][000000000000000000000000750b980a-1838-57b3f4c1-1858-00350029][*10.154.102.223][][6e1vgRn4UbPwwYMj9cq3ddATGIKxQq3wtYIQYDFUXlB2EFQOiMeOEqj9S+tWBR7r][/wps/myportal/globalportal/][][ProtectionManager returned SmNoAction or SmFailure, end new request.]

    [08/17/2016][00:23:13][6200][6232][CSmLowLevelAgent.cpp:3079][ReportHealthData][][][][][][][Accumulating HealthMonitorCtxt.]

    [08/17/2016][00:27:38][6200][6352][SmIIS70Module.cpp:543][CSmIIS70Module::Shutdown][][][][][][][IIS 7.0 Native Module shutting down.]

    [08/17/2016][00:27:38][6200][6352][CSmHighLevelAgent.cpp:204][Shutdown][][][][][][][High Level Agent shutting down.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Resource Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Session Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Response Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Session Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmProtectionManager.cpp:125][CSmProtectionManager::Shutdown][][][][][][][ProtectionManager shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Credential Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Challenge Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Response Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Session Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmAuthenticationManager.cpp:124][CSmAuthenticationManager::Shutdown][][][][][][][AuthenticationManager shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Response Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmManager.cpp:82][Variable Manager][][][][][][][Shutdown.]

    [08/17/2016][00:27:38][6200][6352][CSmAuthorizationManager.cpp:124][CSmAuthorizationManager::Shutdown][][][][][][][AuthorizationManager shutdown.]

    [08/17/2016][00:27:38][6376][6412][LLAWPMsgBus.cpp:221][ProcessMessage][][][][][][][Close message received from client '6200.6212']

    [08/17/2016][00:27:38][6200][6352][SmAgentAPI.cpp:1671][][][][][][][][LogMessage:INFO:[sm-AgentFunc-00040] Agent API has been released.]

    [08/17/2016][00:27:38][6200][6352][CSmAgentApiBase.cpp:612][CSmAgentApiBase::Shutdown][][][][][][][AgentApiBase Shutdown.]

    [08/17/2016][00:27:59][6376][6380][LLAWorkerProcess.cpp:1601][main][][][][][][][Stop signaled.]

    [08/17/2016][00:27:59][6376][6380][LLAWorkerProcess.cpp:1911][main][][][][][][][LLAWP Stopping.]

    [08/17/2016][00:27:59][6376][6380][LLAWorkerProcess.cpp:1916][][][][][][][][LogMessage:INFO:[sm-AgentFramework-00690] LLAWP: Stopping.]

    [08/17/2016][00:27:59][6376][6380][SmAgentAPI.cpp:1671][][][][][][][][LogMessage:INFO:[sm-AgentFunc-00040] Agent API has been released.]

    [08/17/2016][00:27:59][6376][6412][LLAWPMsgBus.cpp:504][MsgBusWorkerFunc][][][][][][][Stop signaled.]

    [08/17/2016][00:27:59][6376][6412][LLAWPMsgBus.cpp:510][MsgBusWorkerFunc][][][][][][][Message bus shutdown.]

    [08/17/2016][00:27:59][6376][6412][LLAWPMsgBus.cpp:512][][][][][][][][LogMessage:INFO:[sm-AgentFramework-00670] LLAWP: Message bus stopped.]

    [08/17/2016][00:27:59][6376][6408][LLAWPLogQ.cpp:715][LogWorkerFunc][][][][][][][Stop signaled.]

    [08/17/2016][00:27:59][6376][6408][LLAWPLogQ.cpp:717][LogWorkerFunc][][][][][][][Tracing shutdown.]

    [08/17/2016][00:27:59][6376][6408][LLAWPLogQ.cpp:719][][][][][][][][LogMessage:INFO:[sm-AgentFramework-00640] LLAWP: Tracing stopped.]

    [08/17/2016][00:27:59][6376][6408][LLAWPLogQ.cpp:723][][][][][][][][LogMessage:INFO:[sm-AgentFramework-00600] LLAWP: Logging stopped.]

     

    I had to roll back to my CR1 policy store as I could not get the environment up in the allocated 3 hr window. Will try again tomorrow, this time all I had to do is change the sm.registry file with CR5 settings.



  • 2.  Re: IWA server startup issue

    Posted Aug 17, 2016 02:06 AM

    Thanks, Ujwol. I should have done this myself. Was updating that thread as I thought they were related and it is easier for other people to follow and have the entire background. But I appreciate you creating another question.



  • 3.  Re: IWA server startup issue

    Broadcom Employee
    Posted Aug 18, 2016 02:29 PM

    Anil,

     

    Did you get this problem resolved?



  • 4.  Re: IWA server startup issue

    Posted Aug 18, 2016 02:41 PM

    No, I did not. I am waiting for another outage window to reproduce it.

    Hopefully this weekend.

     

    Thanks

    Anil Charugundla, CISSP

    Tel:314-292-2644



  • 5.  Re: IWA server startup issue

    Broadcom Employee
    Posted Aug 18, 2016 02:45 PM

    Have you opened a support case for this issue? I suggest you do that.



  • 6.  Re: IWA server startup issue

    Posted Aug 17, 2016 02:58 AM

    Hi Anil,

     

    I would enable TLI logging to investigate this.

    But it's weird if it got resolved by downgrading to CR1.

     

    Error Logs and Trace Logs - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation

     

    Enable Transport Layer Interface (TLI) Logging

    When you want to examine the connections between the agent and the Policy Server, enable transport layer interface logging.

    To enable TLI logging

    1. Add the following environment variable to your web server: SM_TLI_LOG_FILE
    2. Specify a directory and log file name for the value of the variable, as shown in the following example:
       directory_name/log_file_name.log
    3. Verify that your agent is enabled.
    4. Restart your web server.
       TLI logging is enabled.


  • 7.  Re: IWA server startup issue

    Posted Aug 18, 2016 04:48 PM

    Hi Anil,

     

    As per my understanding the below error indicates:

    [ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-1'

     

    Sm_AgentApi_IsProtectedEx is a function which checks whether the requested resource is protected by SiteMinder and, if yes, returns the REALM which protects the requested resource.

    Parameters passed in the function are

    1) clientIpAddress: The IP address of the client asking for the resource

    2) The resource to be checked

    3) Return value

    The return value of -1 signifies that the Policy Server could not be reached.

     

    Have you checked if there is no issue with connectivity from the Windows machine to the policy server? Also, is any firewall or anything in the network blocking your webagent from reaching the policy server?

     

    You may also check if the version used for Windows agent is correct and it is supported by CA.

     

     

     

    Regards,

    Tanvi
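
    The failure sequence discussed in this thread can be pulled out of the agent log mechanically. The following Python is an added example, not part of the original posts and not vendor code: it parses the agent log layout shown in the first post, lists failed Agent API calls with their return codes, and measures how long the agent stayed up after the first failure. The sample lines are copied from the first post; the meaning attached to -1 is the one given in the reply above.

```python
import re
from datetime import datetime

# Layout seen in the first post: [pid/tid][timestamp][file:line][LEVEL][msg-id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$")
API_FAIL_RE = re.compile(r"function failed - '(?P<func>\w+)' returned '(?P<rc>-?\d+)'")
FATAL_RE = re.compile(r"Component reported fatal error: '(?P<comp>[^']+)'")

# Meaning of -1 as stated in the reply above; other codes are left uninterpreted.
RC_MEANING = {-1: "Policy Server could not be reached"}

# Sample lines copied from the agent log in the first post.
SAMPLE = """\
[6200/6212][Wed Aug 17 2016 00:23:12][CSmHighLevelAgent.cpp:192][INFO][sm-AgentFramework-00380] HLA: Initialization complete.
[6200/6232][Wed Aug 17 2016 00:23:13][CSmLowLevelAgent.cpp:546][ERROR][sm-AgentFramework-00520] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-1'.
[6200/6232][Wed Aug 17 2016 00:23:13][CSmProtectionManager.cpp:192][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Low Level Agent'.
[6200/6232][Wed Aug 17 2016 00:23:13][CSmHighLevelAgent.cpp:1010][ERROR][sm-AgentFramework-00420] HLA: Component reported fatal error: 'Session Manager'.
[6200/6352][Wed Aug 17 2016 00:27:38][CSmHighLevelAgent.cpp:206][INFO][sm-AgentFramework-00390] HLA: Stopping.
"""

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %Y %H:%M:%S")
            yield rec

def summarize(log_text):
    """Per pid: failed API calls, fatal components, seconds from first failure to HLA stop."""
    out = {}
    for rec in parse(log_text):
        s = out.setdefault(rec["pid"], {"api_failures": [], "fatal": [],
                                        "first_fail": None, "secs_to_stop": None})
        if (m := API_FAIL_RE.search(rec["text"])):
            rc = int(m["rc"])
            s["api_failures"].append((m["func"], rc, RC_MEANING.get(rc, "unknown")))
            s["first_fail"] = s["first_fail"] or rec["ts"]
        elif (m := FATAL_RE.search(rec["text"])):
            s["fatal"].append(m["comp"])
        elif rec["text"].startswith("HLA: Stopping") and s["first_fail"]:
            s["secs_to_stop"] = (rec["ts"] - s["first_fail"]).total_seconds()
    return out

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        print(pid, s["api_failures"], s["fatal"], s["secs_to_stop"])
```
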

     



  • 8.  Re: IWA server startup issue

    Posted Aug 18, 2016 04:55 PM

    Hi Tanvi, I am using the same policy server, the only change is that the policy store is patched to CR5 from CR1.

     

    As soon as I went back to CR1 policy store, IIS came up fine.



  • 9.  Re: IWA server startup issue

    Posted Aug 18, 2016 04:59 PM

    Okay Anil. It may sound weird but have you tried re-registration of your host after upgrade? I mean you may want to try out this way?



  • 10.  Re: IWA server startup issue

    Posted Aug 23, 2016 06:33 PM

    And today when I tried to reproduce, it miraculously started to work fine. This is more dangerous than not working at all.