This appendix applies to Agent for Apache HTTP Server. If a problem is discussed in this appendix, it either applies only to this agent or it applies to two or more agents with one of them being this agent. This appendix explains how you can resolve problems that you might encounter while deploying or using this web agent. Be sure to also check the Sun Java System Access Manager Policy Agent 2.2 Release Notes, to see if the problem that you encounter is a known limitation of the web agent. If workarounds are available for such problems, they will be provided in the release notes.
In this chapter, refer to the troubleshooting section applicable to your platform as follows:
Solaris Systems: Troubleshooting Symptoms in Agent for Apache HTTP Server
AIX Systems: Troubleshooting Symptoms in Agent for Apache HTTP Server
Linux Systems: Troubleshooting Symptoms in Agent for Apache HTTP Server
Windows Systems: Troubleshooting Symptoms in Agent for Apache HTTP Server
This section includes various problems you might encounter on Solaris systems. The explanation of the problem is followed by possible solutions.
Symptom: Cannot install the web agent after a previous installation has been removed.
The following is an example message that is displayed when you run the web agent installation program:
Sun Java(tm) System; Access Manager Policy Agent for Apache 1.3.29 or 2.0.48 or 2.0.50 or 2.0.52 is installed. Please refer to installation manual to configure this agent for another web server instance or uninstall it before installing another agent.
Possible Causes:
You might have an existing installation of the web agent.
You might have a previously-installed web agent and did not use the web agent’s uninstallation program to uninstall the agent.
The installation program’s productregistry file might be corrupted.
Possible Solutions: Performing the following troubleshooting activities might resolve the issue:
Check that you have uninstalled any existing installation of the web agent.
The productregistry file may be corrupted if there is no existing installation of the web agent. This file is used by the installation program to track installed products. It is found in /var/sadm/install directory.
Make a backup copy of productregistry file before you make changes.
Remove the web agent entry in this file. This entry starts with the following lines:
<compid>SUNWamapc <compversion>2.2 <uniquename>SUNWamapc</uniquename> <vendor></vendor> <compinstance>1 <parent>Agent for Apache <instance>1 <version>2.2</version> </instance> </parent> <comptype>COMPONENT</comptype> <location>/opt/apache_agent</location> <dependent> <compref>Agent for Apache <instance>1 <version>2.2</version> </instance> </compref> </dependent> <data> <key>pkgs <value>SUNWamapc</value> </key> </data> </compinstance> </compversion> </compid> <compid>Agent for Apache <compversion>2.2 <uniquename>Agent for Apache</uniquename> <vendor></vendor> <compinstance>1 <parent>Sun Java(tm) System Access Manager Policy Agent <instance>1 <version>2.2</version> </instance> </parent> <children> <compref>SUNWamapc <instance>1 <version>2.2</version> </instance> </compref> </children> <comptype>FEATURE</comptype> <location>/opt/apache_agent</location> <dependent> <compref>Sun Java(tm) System Access Manager Policy Agent <instance>1 <version>2.2</version> </instance> </compref> </dependent> <required> <compref>SUNWamapc <instance>1 <version>2.2</version> </instance> </compref> </required> </compinstance> </compversion> </compid> <compid>Sun Java(tm) System Access Manager Policy Agent <compversion>2.2 <uniquename>Sun Java(tm) System Access Manager Policy Agent</uniquename> <compinstance>1 <children> <compref>Agent Utils <instance>2 <version>2.2</version> </instance> </compref> <compref>Agent for Apache <instance>1 <version>2.2</version> </instance> </compref> </children> <comptype>PRODUCT</comptype> <location>/opt/apache_agent</location> <uninstaller>/usr/java/bin/java -classpath /opt/apache_agentuninstall_Sun_Java_tm__System_Access_Manager_Policy_Agent</uninstaller> <required> <compref>Agent Utils <instance>2 <version>2.2</version> </instance> </compref> <compref>Agent for Apache <instance>1 <version>2.2</version> </instance> </compref> </required> </compinstance> </compversion> </compid> |
Symptom: The uninstallation program does not remove entries from the agent’s web container.
Possible Causes: Another instance of the web agent exists that was configured using the configuration script.
Possible Solution: Remove all the instances of the web agent using the unconfig script before running the uninstallation program.
Symptom: The browser goes into a loop for approximately a minute before displaying an access-denied page.
Possible Cause: The user tries to access a resource for which a policy with a time condition has been set and the time on the web agent host and the Access Manager host are not in sync.
Possible Solution: Login as root and run the command rdate hostname to synchronize the time on both the hosts.
Symptom: This problem is specific to Agent for Apache HTTP Server. The following error message is encountered:
The directory you provided does not contain a httpd binary<p> file. Please re-enter the full path to the<p> directory where the Apache httpd binary file is located |
This error message can occur during installation of Agent for Apache HTTP Server after you provide information about Apache Binary Directory. The following is an example of a directory name you might provide, which would normally not result in an error message:
/usr/apache/bin |
Possible Cause
The version of Apache HTTP Server that you are using might be the version that comes bundled with SolarisTM 9 Operating System or with Solaris 10 Operating System. These Apache HTTP Server bundled packages are incomplete and should not be used. For example, such bundled packages do not come with the httpd.conf file to which the preceding error message refers.
Possible Solution: Download the desired version of Apache HTTP Server from the Apache web site at http://www.apache.org/. Compile and install the downloaded version of Apache HTTP Server before attempting to install the agent.
Symptom:When a user attempts to access a resource using Internet Explorer as the browser, access is denied.
Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.
Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:
com.sun.am.policy.agents.config.override_port = true
This section includes various problems you might encounter with this agent on AIX systems. The symptom of the problem is followed by possible causes and solutions.
Symptom: The browser goes into a loop for approximately a minute before displaying an access-denied page.
Possible Cause: The user tries to access a resource for which a policy with a time condition has been set and the time on the web agent host and the Access Manager host are not in sync.
Possible Solution: Login as root and run the command rdate hostname to synchronize the time on both hosts.
Symptom: The agent goes into an infinite loop.
Possible Cause: The value for the following property in the web agent AMAgent.properites configuration file is a resource to which users are assigned:
com.sun.am.policy.agents.config.accessdenied.url
The users assigned to this resource, do not have allow in the policy definition.
Possible Solution: For the get method, specify allow in the policy definition.
Symptom:When a user attempts to access a resource using Internet Explorer as the browser, access is denied.
Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.
Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:
com.sun.am.policy.agents.config.override_port = true
This section includes various problems you might encounter on Linux systems. The explanation of the problem is followed by possible solutions.
Symptom:When a user attempts to access a resource using Internet Explorer as the browser, access is denied.
Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.
Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:
com.sun.am.policy.agents.config.override_port = true
This section includes various problems you might encounter on Windows systems. The explanation of the problem is followed by possible solutions.
Symptom: Cannot install the web agent after a previous installation has been removed.
Possible Causes:
You might have an existing installation of the web agent.
You might have a previously-installed web agent and did not use the web agent’s uninstallation program to uninstall the agent.
The installation program’s productregistry file might be corrupted.
Possible Solution: To resolve the issue, manually remove the web agent as explained in the following task description.
Stop all of the web sites.
Stop the web server instance.
Remove Agent for Apache HTTP Server.
Remove the PolicyAgent-base directory from the server.
where PolicyAgent-base represents the directory in which the web agent was originally installed.
Remove the following entries from the PATH variable:
PolicyAgent-base\bin
PolicyAgent-base\es6\bin
Restart the server.
Symptom: Unable to uninstall the agent from a Windows system using the Add/Remove Program option in the Control Panel.
Possible Causes: Java’s class path might not be set correctly on the machine.
Possible Solution: Perform the following task.
Open Command Prompt Window.
Change directories to PolicyAgent-base
Execute the following command:
java uninstall_Sun_Java_tm_System_Access_Manager_Policy_Agent
Symptom:When a user attempts to access a resource using Internet Explorer as the browser, access is denied.
Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.
Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:
com.sun.am.policy.agents.config.override_port = true