Symantec Access Management

  • 1.  Apache web agent on Linux VM from AWS fails to initialize on startup

    Posted Aug 30, 2017 02:57 PM

    Hi Folks,

     

    We've done dozens of web agent installations before for our web infrastructure throughout the years.  We are now beginning to move toward the AWS cloud infrastructure and I am doing a POC.  We have an Amazon image of a Linux VM server and I installed Apache 2.4.27 and am attempting to install/configure the R12.52 SP1 CR05 SiteMinder web agent to talk to our on-premise SiteMinder policy server.  Everything seemed to be going well, but when I start up Apache, I get an error:

     

    [30/Aug/2017:18:16:12] [Error] SiteMinder Agent
            Sm_AgentApi_Init Failed.

            ff ff ff ff
    [30/Aug/2017:18:16:12] [Error] SiteMinder Agent
            Failed to initialize the configuration manager.
            LLAWP unable to get configuration, exiting.

     

    Before starting this, we opened firewall rules between the AWS Apache server host name (ip-10-48-29-137) and our on-prem policy server for ports: 44441/44442/44443.  When the Apache server starts up, I see the following entries in the smtracedefault.log file, which tells me that there is communication between the PS and the AWS Apache web agent:

     

    [08/30/2017][12:22:25][3906607984][][CServer.cpp:1869][CAgentMessageHandler::HandleInput][][][][][][][][Enqueuing a High Priority Message, from IP 10.48.29.137 with Port No 57646. Current count is 1]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1428][ThreadPool::Run][][][][][][][][Dequeuing a High Priority message, from IP 10.48.29.137 with Port No 57646. Current count is 0]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:2126][CAgentMessageHandler::DoWork][][][][][][][][New connection attempt from client host]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1910][GetSecretFunc][][][][][][][][Getting current secret for the Agent ip-10-48-29-137]
    [08/30/2017][12:22:25][4126894960][][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][Look up a cached object.]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1985][GetSecretFunc][][][][][][][][Marking the shared secret as used for the Agent ip-10-48-29-137]
    [08/30/2017][12:22:25][3608890224][][SmObjCache.cpp:824][CSmObjCache::Fetch][][][][][][][][Retrieve an object from the object cache.]
    [08/30/2017][12:22:25][3608890224][][SmObjCache.cpp:824][CSmObjCache::Fetch][][][][][][][][Retrieve an object from the object cache.]

     

    One difference that I noticed in the smtracedefault.log file is that when this AWS Apache server starts up, the smtracedefault.log file does not show the "Fetching AgentKey" entries, but when one of our on-prem Apache web servers starts up, we see the same log entries as the AWS server, but we also see the following entries regarding AgentKey:

     

    [08/30/2017][12:22:25][3906607984][][CServer.cpp:1869][CAgentMessageHandler::HandleInput][][][][][][][][Enqueuing a High Priority Message, from IP 10.48.29.137 with Port No 57646. Current count is 1]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1428][ThreadPool::Run][][][][][][][][Dequeuing a High Priority message, from IP 10.48.29.137 with Port No 57646. Current count is 0]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:2126][CAgentMessageHandler::DoWork][][][][][][][][New connection attempt from client host]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1910][GetSecretFunc][][][][][][][][Getting current secret for the Agent ip-10-48-29-137]
    [08/30/2017][12:22:25][4126894960][][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][Look up a cached object.]
    [08/30/2017][12:22:25][4126894960][][CServer.cpp:1985][GetSecretFunc][][][][][][][][Marking the shared secret as used for the Agent ip-10-48-29-137]
    [08/30/2017][12:22:25][3608890224][][SmObjCache.cpp:824][CSmObjCache::Fetch][][][][][][][][Retrieve an object from the object cache.]
    [08/30/2017][12:22:25][3608890224][][SmObjCache.cpp:824][CSmObjCache::Fetch][][][][][][][][Retrieve an object from the object cache.]

     

    We have been troubleshooting this for several days now and would much appreciate any insights that the community can provide for us to find the root cause of this issue.

     

    CA support case# 00829998

     

    Thanks in advance!

    Duc Tran.



  • 2.  Re: Apache web agent on Linux VM from AWS fails to initialize on startup
    Best Answer

    Broadcom Employee
    Posted Aug 30, 2017 03:07 PM

    This looks similar. Check this out.

     

    https://communities.ca.com/thread/241756267  



  • 3.  Re: Apache web agent on Linux VM from AWS fails to initialize on startup

    Posted Aug 30, 2017 04:15 PM

    This is now SOLVED:  adding comments below to hopefully help others in the community resolve similar issues:

     

    So on my new Linux VM from the AWS cloud, there is no DNS so when I registered the trusted host, I used the server IP address of my policy server rather than the server host name.  I compared the SmHost.conf file of this new web agent to the many web agent hosts on our on-prem environment and the only difference is the policy server host entry.

     

    So I modified the /etc/hosts file on the AWS VM and added the IP address of the policy server and then modified the SmHost.conf file to use the policy server host name rather than the IP address --> policyserver="ps.company.com,44441,44442,44443" then restarted Apache and amazingly it worked!

     

    This solved my issue, but I am still curious why it would complain about the IP address rather than the server host name for the policy server.
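
A pre-flight check for the configuration difference described in the last post, as an added example that is not part of the original thread or of the SiteMinder product: it reads the `policyserver` lines of an SmHost.conf, flags entries given as an IP literal, and checks that a host-name entry has a matching `/etc/hosts` line on a VM without DNS. The sample file contents, the address 192.0.2.10 and all function names are constructed for illustration; only the `policyserver="host,port,port,port"` form comes from the post.

```python
import ipaddress
import re

# Constructed sample inputs (placeholder address, not taken from a real host).
SMHOST_IP = '# trusted host registered by IP\npolicyserver="192.0.2.10,44441,44442,44443"\n'
SMHOST_NAME = '#policyserver="192.0.2.10,44441,44442,44443"\npolicyserver="ps.company.com,44441,44442,44443"\n'
ETC_HOSTS = "127.0.0.1 localhost\n192.0.2.10 ps.company.com ps  # policy server\n"

# Matches only uncommented policyserver lines.
POLICY_RE = re.compile(r'^[ \t]*policyserver[ \t]*=[ \t]*"([^"]*)"', re.I | re.M)

def policy_servers(smhost_text):
    """Return (host, [ports]) for every uncommented policyserver line."""
    entries = []
    for value in POLICY_RE.findall(smhost_text):
        host, *ports = [part.strip() for part in value.split(",")]
        entries.append((host, [int(p) for p in ports if p]))
    return entries

def hosts_map(hosts_text):
    """Map each name in /etc/hosts-style text to its first listed address."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name.lower(), fields[0])
    return names

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check(smhost_text, hosts_text):
    """Return one finding string per policyserver entry."""
    known = hosts_map(hosts_text)
    findings = []
    for host, _ports in policy_servers(smhost_text):
        if is_ip_literal(host):
            findings.append(f"{host}: IP literal; the working setup in this thread uses a host name")
        elif host.lower() not in known:
            findings.append(f"{host}: host name has no /etc/hosts entry")
        else:
            findings.append(f"{host}: ok, resolves to {known[host.lower()]} via /etc/hosts")
    return findings

if __name__ == "__main__":
    for sample in (SMHOST_IP, SMHOST_NAME):
        print(check(sample, ETC_HOSTS))
```
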