Symantec Access Management

  • 1.  Unable to load SiteMinder agent configuration object.

    Posted Jun 19, 2012 04:32 PM
    Hi,
    I am trying to install Webagent smwa-6qmr6-cr007-rhas30-x86-64 on RH Enterprise Linux 5.X x86_64 . After installing and configuring I am getting error
    [19/Jun/2012:12:20:58] [Info] [CA WebAgent LLAWP] [12187] [LLAWP has been started.]
    [19/Jun/2012:12:21:00] [Error] SiteMinder Agent
    Unable to load SiteMinder agent configuration object.
    Check that you are using the right agent configuration object and that it exists in your policy server.
    [19/Jun/2012:12:21:00] [Error] SiteMinder Agent
    Failed to initialize the configuration manager.
    LLAWP unable to get configuration, exiting.
    [Tue Jun 19 12:21:03 2012] [notice] Digest: generating secret for digest authentication ...
    [Tue Jun 19 12:21:03 2012] [notice] Digest: done
    [Tue Jun 19 12:21:03 2012] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
    [root@sjrhsrc bin]# file LLAWP
    LLAWP: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), for GNU/Linux 2.4.0, not stripped

    [root@sjrhsrc bin]# uname -a
    Linux sjrhsrc.testdomain.com 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux


    [root@sjrhsrc bin]# more /etc/redhat-release
    Red Hat Enterprise Linux Server release 5.7 (Tikanga)


    Attached Httpd.conf,smhost.conf,webagent.conf files.

    thank you,

    Attachment(s)

    txt
    Webagent.Conf.txt   677 B 1 version
    txt
    httpd.conf.txt   35 KB 1 version
    txt
    Host.conf.txt   839 B 1 version


  • 2.  RE: Unable to load SiteMinder agent configuration object.

    Posted Jun 19, 2012 04:35 PM
    Are you sure you gave the right ACO and HCO names during the Web Agent Installation?


  • 3.  RE: Unable to load SiteMinder agent configuration object.

    Posted Jun 19, 2012 04:42 PM
    Yes, HCO and ACO gave during the configuration. Also see ACO and HCO information on SMHOST.conf file.

    thank you.


  • 4.  RE: Unable to load SiteMinder agent configuration object.
    Best Answer

    Posted Jun 19, 2012 05:12 PM
    Policy server IP and ports, are these correct? policyserver="140.119.18.21,44441,44442,44443"
    Do you use the 3 separate port setup? (I have seen the registration tool default to the 3 port smhost.conf settings, even though you use a single port config in the registration)

    Double check that the hco and aco names in the files match those in the policy server


  • 5.  RE: Unable to load SiteMinder agent configuration object.

    Posted Jun 19, 2012 05:24 PM
    is 6qmr6 agent support linux kernel 2.6 ??


  • 6.  RE: Unable to load SiteMinder agent configuration object.

    Posted Jun 20, 2012 08:53 AM

    sso wrote:

    is 6qmr6 agent support linux kernel 2.6 ??
    going by kernel is bad. we havent tested based on kernel.

    check your output of "cat /etc/*release" against what's in the platform support matrix


    as for this error, please note that in some combinations the names are CASE SENSITIVE. this means TestHCO is not tESThco

    Are you also pursuing this in a case? if so let the engineeer know about the thread so that they can post the solution please.

    -Josh Perlmutter


  • 7.  RE: Unable to load SiteMinder agent configuration object.

    Posted Jun 20, 2012 04:26 PM
    Hi sso,


    You are running Red Hat Enterprise Linux 5.7
    Linux kernel 2.6.18-274.el5 includes the kernel security and bug fix updates. (.7)

    This should not be an issue since you are using RHEL 5.7 (RHEL 5 Tikanga)

    We do have a small disclaimer on the platform support matrix:

    32. Supported with all Red Hat updates. Any problems reported will be fixed on the latest Red Hat update. Security Enhanced Red Hat Linux is supported, please see vendor’s documentation for setup instructions to enable third-party processes (such as SiteMinder) to run on the system.

    Not to worry, let’s move on..

    >>>>>>>>>>

    Few questions...

    Is apache running in prefork or worker mode? Please send the output of:

    /usr/sbin/apachectl -V (capitol V)

    This will tell you if you are running RedHat apache in 32 or 64 mode, and which MPM (prefork or worker)

    Please see my Tuesday Tip write up “Apache - prefork vs. worker mode, how to check mode and more”

    98293078

    This will provide greater detail between the two modes and how to switch easily in RedHat. (Default is prefork I believe on RHEL 5, if multi proc machine with no crashes, thread safe libraries and no php, you should HIGHLY consider worker MPM.


    Back on topic 

    1.)
    Per the platform support matrix we support 32 bit and 64- RHEL RedHat Apache 2.2.x using 6QMR5CR21 (CR23 for 64-bit) or greater... So yes, a 6QMR6 agent should work.
    2.)
    Looking at your httpd.conf, prefork and worker mode MPMs both seem to have some tuning to make. Check out apache.org
    3.)
    User is apache per httpd.conf
    4.)
    Server path....is ServerPath="/etc/httpd/conf"

    Make sure the ServerPath variable is set in the WebAgent.conf(correct). Do not add this setting to the LocalConfig.conf or AgentConfigurationObject.

    The value you set for the ServerPath parameter must be:
    A.) a full path name to a directory or file (correct)
    B.) accessible (allow read and write permissions) for the user account that the system uses to run the Web server. Also, all directories listed in the path leading to the file must be searchable. However, read, write, or execute permission of the named file itself is not required.
    C.) unique among the instances running on the system

    ls -al /etc/httpd/conf

    drwxr-xr-x 4 apache apache
    drwxr-xr-x 19 apache apache

    This is 755 (read, write, execute - read execute - read execute) owned by apache user/ apache group (same as your httpd.conf)


    5.)
    Does the hostname “sjrhsrc1” exist on the policy server? (Admin ui > Trusted Hosts)
    6.)
    Do you have an AgentConfigObject="sjrhsrc_aco" (Admin ui > Agent Conf objects)
    7.)
    Do ls -al on /opt/netegrity/webagent/config/SmHost.conf check the permissions –should be at least readable by everyone if other agents are using this file. 644 -rw-r--r-- (read write, read, read) **Note, this is for Static keys only..Let me know if you are using Dynamic
    8.)
    ls -al on your WebAgent.conf should be at least -rw-rw-r-- apache apache (664)
    9.)
    Check your hostconfigobject="HostSettings" in the admin ui (Admin ui > Host Conf Objects) Does HostSettings exist?


    Hopefully this resolves your issue, otherwise please open a case so support can review your agent log, agent trace log, apache access/error logs, etc

    Feel free to mention my name in the case and I will review as well.

    Good luck!
    Peter

    PS Please post back what resolves your issue for other users.. Thanks again :)