Symantec Access Management

  • Private Community

  • 1.  Agent failing to start / generate start logs

    Posted Jul 19, 2018 11:15 AM

    We have a 12.52.0108 web agent running on Windows 2016 (proven successful with other applications) and the agent will install and proceed through the registration process but will not general startup log files which is indicative of the agent not starting. I do see in the WAM UI that there is an attempt for the agent to communicate to the policy server since there is a trusted host entry. The issue is that nothing will come up in the agent instances section and the logs don't populate. 

     

    We have check write permissions for the folder and start permissions for the agent on the server as well and those are both configured correctly. HCO and ACO settings are correct as well since they are taken by the registration wizard. I am at a loss for things to check and unfortunately do not have access to the application server. Is there anything out there like this that someone has delt with or might be able to suggest checking. My thoughts have been that this is networking related but a ping can be made as well as a tracert. Windows defender and firewall have been confirmed to be set to off as well.



  • 2.  Re: Agent failing to start / generate start logs

    Posted Jul 20, 2018 03:04 AM

    Hi Taylor,

     

    You need to update the below ACO parameters to get the Agent logs and trace to be generated.

     

    LogFile
    LogFileName
    TraceFile
    TraceFileName

     

    Refer below blog for detailed steps.

    Tech Tip:How to enable trace logging in SSO (aka Siteminder) Webagent 

     

    Regards,

    Leo Joseph.



  • 3.  Re: Agent failing to start / generate start logs

    Posted Jul 20, 2018 10:04 AM

    Those have already been set as well as the TraceConfig attribute which you need to generate that log, btw.



  • 4.  Re: Agent failing to start / generate start logs

    Broadcom Employee
    Posted Jul 20, 2018 02:20 PM

    Hope there has not been any application deployed on this agent yet, which really complicates things.

    When starting IIS, use browser to hit web site, ensure LLAWP process is UP.

    If LLAWP is not UP, then there won't be any logs generated.

    Trusted host entry can only prove this agent is registered, it does not confirm LLAWP is running.

    LLAWP may not run for different reasons.

    LLAWP process has to have permission to access and write to log directory.

    Review your windows event viewer too for any warn/error.

     

    Regards,

    Hongxu



  • 5.  Re: Agent failing to start / generate start logs

    Posted Jul 20, 2018 03:57 PM

    Hongxu,

     

    There is already an application setup on this server and being hosted by tomcat, so we are using IIS as a reverse proxy to allow the web agent to filter the traffic. The web agent is now running and generating logs but is not passing user credentials with a basic auth now. I don't have anything coming accross in the trace logs either for a user aside from this line. 

     

    [07/20/2018][14:08:36][2652][2804][CSmHttpPlugin.cpp:2684][CSmHttpPlugin::ProcessCredentials][00000000000000000000000001000000-0a5c-5b522524-0af4-00c67895][*::1][][<redacted agent name>][/identityiq/][][Missing required cookies, exiting.]

     

    We can see that the resource is protected

    [07/20/2018][14:08:36][2652][2804][CSmLowLevelAgent.cpp:514][IsResourceProtected][00000000000000000000000001000000-0a5c-5b522524-0af4-00c67895][*::1][][<redacted agent name>][/identityiq/][][Resource is protected from Policy Server.]