Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Web Server 7.0

Appendix B Troubleshooting Agent for Sun Java System Web Server 7.0

This appendix applies to Agent for Sun Java System Web Server 7.0. If a problem is discussed in this appendix, it either applies only to this agent or it applies to two or more agents with one of them being this agent. This appendix explains how you can resolve problems that you might encounter while deploying or using this web agent. Be sure to also check the Sun Java System Access Manager Policy Agent 2.2 Release Notes, to see if the problem that you encounter is a known limitation of the web agent. If workarounds are available for such problems, they will be provided in the release notes.

Each of the following troubleshooting symptoms is followed by possible causes and solutions.

Troubleshooting Symptom 1

Symptom: On UNIX-based systems, during the installation process, retrieving and encrypting information from the password file results in an error such as the following:


Reading data from file path-of-password-file and encrypting it ...
***ERROR: Installation failed due to the following error - (Invalid empty password specified.).

Where path-of-password-file is a placeholder representing the path to a file from which the system is attempting to retrieve the password.

Possible Causes: The crypt_util program does not have executable permissions. Ensuring that this program has executable permissions is a step that should be performed prior to installation.

Possible Solution:

  1. Add executable permissions to the crypt_util program as described in To Prepare to Install Policy Agent 2.2 for Sun Java System Web Server 7.0.

  2. Remove the Agent_00x directory, presumably Agent_001.

  3. Install the agent.

Troubleshooting Symptom 2

Symptom: The uninstallation program does not remove entries from the agent’s web container.

Possible Causes: Another instance of the web agent exists that was configured using the agentadmin --install command.

Possible Solution: Remove all the instances of the web agent using either the agentadmin --uninstall command (for an individual Sun Java System Web Server 7.0 instance) or the agentadmin --uninstallAll command.

Troubleshooting Symptom 3

Symptom: Instances of Agent for Sun Java System Web Server 7.0 are not effective after the modification of the Sun Java System Web Server 7.0 configuration using the Administration Console.

Possible Cause: Changes to the Web Server's configuration files (obj.conf, magnus.conf) might be overwritten by the server, which would disable the web agent completely.

Possible Solution:

  1. Check whether multiple files named obj.conf exist in the config directory of the Sun Java System Web Server 7.0 instance.

  2. If multiple files exist, then look for the <object-file> element in the server.xml file to see which obj.conf file is referenced.

  3. If the referenced file is different from the default obj.conf file, then copy agent-related configuration settings to the new obj.conf file.

    The following settings need to be added. Use the default obj.conf file as a reference for where to add these settings:

PathCheck fn=validate_session_policy

<Object ppath="*/dummypost/sunpostpreserve*">
Service type=text/* method=(GET) fn=append_post_data
</Object>
<Object ppath="*/UpdateAgentCacheServlet*">
Service type=text/* method=(POST) fn=process_notification
</Object>
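
The check in steps 1 through 3 can be scripted. The following is an added example, not part of the original guide or the agent distribution: it reads server.xml, finds every file named in an <object-file> element, and reports which of the three agent directives above are missing from each. The sample file contents, the file name vs1-obj.conf, and the fallback to obj.conf when no <object-file> element is present are assumptions.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# fn= values of the agent directives listed in this appendix.
REQUIRED_FNS = ("validate_session_policy", "append_post_data", "process_notification")

def referenced_object_files(config_dir):
    """Names given in <object-file> elements of server.xml, in document order."""
    root = ET.parse(os.path.join(config_dir, "server.xml")).getroot()
    names = [el.text.strip() for el in root.iter()
             if el.tag.rsplit("}", 1)[-1] == "object-file" and (el.text or "").strip()]
    # Assumption: with no <object-file> element, the default obj.conf is in use.
    return list(dict.fromkeys(names)) or ["obj.conf"]

def missing_agent_directives(path):
    """Agent fn= names absent from the non-comment lines of one obj.conf file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        active = "".join(ln for ln in fh if not ln.lstrip().startswith("#"))
    found = set(re.findall(r'\bfn="?([\w-]+)', active))
    return [fn for fn in REQUIRED_FNS if fn not in found]

def audit(config_dir):
    """Map each referenced obj.conf to the agent directives it lacks."""
    report = {}
    for name in referenced_object_files(config_dir):
        path = os.path.join(config_dir, name)
        report[name] = (missing_agent_directives(path) if os.path.isfile(path)
                        else list(REQUIRED_FNS))  # a missing file enforces nothing
    return report

# Constructed sample: server.xml references vs1-obj.conf, which lacks the agent settings.
SAMPLE = {
    "server.xml": "<server><virtual-server><name>vs1</name>"
                  "<object-file>vs1-obj.conf</object-file></virtual-server></server>",
    "obj.conf": "PathCheck fn=validate_session_policy\n"
                "Service type=text/* method=(GET) fn=append_post_data\n"
                "Service type=text/* method=(POST) fn=process_notification\n",
    "vs1-obj.conf": '# PathCheck fn=validate_session_policy\nService fn="send-file"\n',
}

def demo():
    """Write SAMPLE to a temporary config directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(d)
```

Run audit() against the config directory of the instance after each Administration Console change; a non-empty list for any referenced file means the agent is not enforcing policy for requests served through that file.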

Troubleshooting Symptom 4

Symptom: The browser goes into a loop for approximately a minute before displaying an access-denied page.

Possible Cause: The user tries to access a resource for which a policy with a time condition has been set and the time on the web agent host and the Access Manager host are not in sync.

Possible Solution: Log in as root and run the command rdate hostname to synchronize the time on both hosts.

Troubleshooting Symptom 5

Symptom: When a user attempts to access a resource using Internet Explorer as the browser, access is denied.

Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.

Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:

com.sun.am.policy.agents.config.override_port = true