Symantec Access Management

Encrypt AgentName causing issues among agents.

I have upgraded my policy server from R12Cr1 to R12CR5 , at the same time seperated my key store from my policy store.

Since then, none of my agents were able to communicate with my IWA server agent. I had to modify all webagent ACO to add 'EncryptAgentName=No' so they can communicate to my IWA agent, which can in turn process login requests.

My IWA agent version is:

Product Name=CA SiteMinder Web Agent

FullVersion=12.51.1.972

Version=12.51

Please note that this agent has worked fine on my old R1252CR1 (key store embedded into policy store) before today.

Appreciate any thoughts as to why this was causing me an issue.

Hi Anil, what do you see in the policy server trace logs and web agent trace logs durign the handshake ?

Oh man, This is so very embarassing. Earlier, in IIS IWA log, I saw errors saying:

'Communication failure between policy server and webagent. '

Then I set EncryptAgentName=No and everything started to work fine. I had to do this to my agents on Unix and AIX.

When I set the EncryptAgentName=Yes to collect logs, I can no longer reproduce the issue. This is second issue I faced today, started working fine by itself.I will test this again later and keep you posted. Srry for the trouble.

By any chance were you using any bookmarked url ?

I am absolutely positive there are no book marks ..

Sent from my iPhone

Keep the EncryptAgentName value to YES and try to set the EnableKeyUpdate registry key to 1 on policy server.

Path - Netegrity->SiteMinder ->ObjectStore

Capture the logs and let me know what you see.