Symantec Access Management

Hi,

I am trying to create two instance of same application in tomcat. for one of the instance I am getting below error.

[CSmLowLevelAgent.cpp:491][ERROR] LLA: SiteMinder Agent Api function failed - 'Sm_AgentApi_IsProtectedEx' returned '-1'.

[CSmProtectionManager.cpp:192][ERROR] HLA: Component reported fatal error: 'Low Level Agent'.

[CSmHighLevelAgent.cpp:376][ERROR] HLA: Component reported fatal error: 'Protection Manager'.

[IsResourceProtected][Communication failure between SiteMinder policy server and web agent.]

[CSmProtectionManager::DoIsProtected][LowLevelAgent returned SmFailure.]

[ProcessRequest][ProtectionManager returned SmNoAction or SmFailure, end new request.]

Can you please let me know could be wrong with configuration or if anything is missing.

Thanks,

Nilesh

Hi Raju,

Thanks for the reply.

The problem is I am trying to run the same application with different context.

Consider I have application deployed/mounted with context/name xyz. This is already running application & working fine.

Now I am trying to setup another instance of same application with name xyzweb. When I hit the URL getting above errors. Tomcat logs are fine & no errors in tomcat, everything is initialized properly.

Now if I stop the existing xyz application & rename xyzweb to xyz, its working fine.

So I feel that I am missing some configuration here, which I am not able to catch.

For your information we have apache server and multiple tomcat servers running on them.

Let me know if you have any pointers to that.

Hi Nilesh,

I'll try to move this thread to Siteminder forum for their expertise.  I'm thinking your question is more generic to Siteminder and not tied to Service Management itself.

thx

_R

Can someone from Siteminder assist Nilesh on his situation?

Thx

_R

Hi,

The error :

    Communication failure between SiteMinder policy server and web agent

might occur because :

      - There's a network problem between the Web Agent and Policy Server;

      - The Web Agent bad or corrupted request data to the Policy Server;

      - The Policy Server is too busy to answer the request.

To trouble shoot that, ensure you have the Web Agent and Policy Servers

traces, and insure that the failing request is received or not by the

Policy Server, and if the Policy Server receives it, check that all needed

data are in the request. Most of the time, the AgentName is wrong. When the

Web Agent receives an old encrypted AgentName, and because it doesn't have

the Key to decrypt it, it send the AgentName as is and as such, the Policy

Server cannot find it in the Policy Store.

Best Regards,

Patrick

Hi Raghu,

In addition to Patrick suggested, check smps.log on policy server to see if any error wrt agent getting logged in same time stamp. That might give some idea of why communication between agent and policy server is failing.

Thanks,

Ankush

Hi ,

I have seen this similar behavior. I found out to be using multiple Agent names under 'Default agent name' attribute.I removed and kept one agent name and it worked.

Hope it helps someone !

Regards,

Balakrishna