Agent's qury! for a newbe!!!!!

Similar Messages

• Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token

  Hi
  I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
  After installing the Policy Agent, Tomcat is not starting.
  The Error in the stack is :
  =========
  Jun 14, 2009 2:21:00 AM
  org.apache.tomcat.util.digester.Digester startElement
  SEVERE: Begin event threw error
  java.lang.ExceptionInInitializerError
  at
  com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
  uration(AgentConfiguration.java:682)
  Caused by:
  com.sun.identity.security.AMSecurityPropertiesException:
  AdminTokenAction: FATAL ERROR: Cannot obtain Application
  SSO token.
  Check AMConfig.properties for the following properties
  com.sun.identity.agents.app.username
  com.iplanet.am.service.password
  at
  com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
  258)
  =========
  There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
  Is there a workaround for this issue ?
  Cheers.

  Hi,
  I have the same Problem, did you come up with a solution for it?
  thanks
  Matrius

• SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT - Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties.

  Hi, can anyone help me troubleshoot the following please:
  Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties. DDRs were not generated for 524 object(s) that had warnings while reading
  critical properties.
  Possible cause: OU name or Security Group name may contain at least a Unicode character which has conversion problem between Unicode and your system ANSI locale(e.g. Korean characters in English System Locale). The site server might not have access to
  some properties of this object. The container specified might not have the properties available.
  Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
  Does the error relate to 524 security groups? There are several invalid search paths listed in adsgdis.log, are these related?
  Thanks,
  Dale

  You'll have to examine the log to determine exactly which objects its referring to. Although this is in the context of group discovery, group discovery still creates DDRs for computer objects within those groups so it could be either groups or computers.
  This is not a search path issue though as it's clear that the discovery process found 524 different objects, but as stated, it could not properly read criticial properties of those objects and thus did not create DDRs for them.
  As mentioned, reading the log in detail will list the objects individually and the reason it could not create a DDR for it.
  Jason | http://blog.configmgrftw.com

• KDE. network manager "No agents were available for this request"

  I think there might be a bug with the networkmanagement plasmoid.
  Not sure if this is the right place to post it, or if maybe I should take this to the KDE forms¿??
  Anyway, took me quite a while to reproduce this, but it seems that with WPA wireless connections, when setting the "store connection secrets" to: "in secure storage (encrypted)", and then trying to edit the connection, an error is displayed with the following:
  "No agents were available for this request"
  im running kdeplasma-applets-networkmanagement 1:0.9.0.5-1 with its marked dependencies.
  Can anyone explain why this is happening?
  Am I missing something (agent??) in order to be able to store secrets in an encrypted file?
  Cheers.

  Use net-profiles.  arch linux wiki recommended that i think. Anyways, kde network manager lose connection every 1 minutes( in 2 machines i have tested ubuntu and arch linux).

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Policy Agent 2.2 for Apache HTTP Server

  hi,
  I'm trying to configure Policy Agent 2.2 for apache http server.
  The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
  Then I log into access manager, but I'm redirected to an error page.
  Looking in log files I can see:
  agent's "amAgent" log file:
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
  Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                 Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
  Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                 Content-Type: text/xml; charset=UTF-8
  Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
  Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
  Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
  Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
  Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
  Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
  Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
  Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
  Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
  Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
  Access Manager's "amAuthentication.error" log file:
  "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
  I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
  I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
  Where should I look to get more info about this problem? Specific log file?
  Is it due to wrong name/id/password of the agent? I really checked them many times...
  Thanks
  Fabio

  I think the error message "Application user ID is not valid" is pretty self evident.
  Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
  If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

• Ensuring the agent is up for all targets on a host

  Had an issue where the DBA's did not notice the agent on one host was down until it was too late.
  Is there a way to validate without DBA intervention (from the repository or OMS) werther or not the agent is working for ALL databases in an environment?
  Any ideas appreciated.
  Chris

  In OEM:
  Select Preferences (top - right hand corner) -> Notification Rules -> Click "Subscribe (Send E-mail" on Agents Unreachable -> Apply
  Under Notification rules you will find several interesting notifications that OEM can email you about.
  Hope this helps.
  Cheers

• SUn Policy Agent 2.2 for Weblogic 92

  We are using SUN POlicy agent 2.2. (for Weblogic) for Access Manager 6.3
  For this particular application I intermittantly get SSOToken invald message
  Its a sporadic behavior (sometimes work sometime does not)
  error -
  02/02/2007 12:22:41:057 PM EST: Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]
  SSOTokenValidator.validate(): Exception caught
  com.iplanet.sso.SSOException: AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=# Invalid session ID.AQIC5wM2LY4Sfcw k8CIsj Jujq92ltM5fNZJxh2qFYpAyw=@AAJTSQACMDE=#

  check the patch level of AM 6.3, it should be higher than 1

• NAC Agent only prompts for username and login on wireless

  Another question for the smart people of the world.
  I have had a couple laptops where the cisco NAC agent will prompt for a password and verify the computer via the wirless network but when I try to do that on the wired network, it sends me to the download page for the NAC agent. It doesnt seem to register that the NAC agent is installed and working even though it is.
  Any thoughts?
  Thanks

  Hi Jonathan,
  The NAC agent communicates with the CAS usiing the SWISS protocol. This protocol uses port 8095 for L2 adjacent devices to the CAS and 8096 protocol for L3 adjacent devices to the CAS.  Have you checked if these ports are allowed through to the CAS for the wired clients?  Do check the support logs on the CAM and CAS suggest something. If you can post the agent logs from the wired clients I could analize and let you know where the process is failing.
  Do let me know if this helps.
  Regards,
  Som

• SQL agent proxy account for Powershell

  I am trying to use a sql agent proxy account for PowerShell. Created the ad account, credential and the proxy but because the PowerShell accesses a bunch o sql servers it errors out.Even when I created a login for all the sql servers the powershell is trying
  to access it still failed so next I'd need to look at what permissions the powershell ad account needs to the objects it accesses. Is this the correct approach?
  What is the best way to go here and avoid using a sysadmin account to run the sql agent powershell job? Thanks!
  Paula

  Hi,
  Please check the error message in job history for details of job failed.
  Sysadmin is required or not depends on what you want to achieve on the SQL Server. For example, to execute sp_readerrorlog, the login must be a member of the securityadmin role and it is not required sysadmin.
  It does need to create the login(proxy account) on the all the SQL Server instances.
  A SQL Server Agent Proxy defines the security context under which different job steps run. The proxy contains the credentials of a Windows user account that does have access to the resources needed by the job. If you have a proxy specified in a job step, SQL
  Server Agent will impersonate the proxy account and run the job step while impersonating that user account.
  In order to find out the required permission, you may log in with this Windows user account(proxy credential) and run the PowerShell on the local machine and see the result. Alternately, connect in SQL Server Management Studio with this login and see what
  permission is required to execute the script.
  Thanks.
  Tracy Cai
  TechNet Community Support

• Sun One Identity Server Policy Agent 2.0 for IIS 5.0

  Hi,
  I try to use Sun Indentity Server with IIS, so I installed policy agent 2.0 for IIS 5.0. my operating system is Windows 2000 professional. I can see the ISAPI fiiter is loaded, but when I try to test the installation by access a testing page, like http://localhost/test.asp, I can not go anywhere, the sun identity server log in page is not loaded. I checked the debug log file, there are just two warning message:
  2003-02-12 11:11:52.314 Warning 1316:00A548E8 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
  2003-02-12 11:11:52.798 Warning 1316:00A548E8 PolicyAgent: FqdnHandler::FqdnHandler() No value specified for fqdnMap.
  Could someone help me out here? Any suggestion will be appreciated.
  Thanks,
  Harold Chen

  Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

• Problem in POST data preserve in Policy Agent 2.2 for SJSWS 6.1

  Hi
  I am using Policy Agent 2.2 for SJSWS 6.1
  I have a requirement to preserve the POST data when during the following situation.
  Consider a situation where in the user has logged in to our webapp and the user remains in a page which has a form with Post method .
  Mean while the session (of AM) times out and now the user enters the data in the data and submits the form.
  The user will be redirected to the login page and then the requested service should be performed, which is not happening in this case(POST). Suppose in if the form used a GET method this works fine.
  I have tried by configuring the following property in AMAgent.properties file.
  com.sun.am.policy.agents.config.postdata.preserve.enable = true
  But it doesn't work. When I tried to troubleshoot, I learned from the following resource that, POST data preservation is only supported on Policy Agent 2.2 for Sun Java System Web Server 7.0 Is it not supported on 6.1?
  http://docs.sun.com/app/docs/doc/820-1130/gaueu
  I get the following error in the log file of SJSWS.
  trying to POST /dummypost/sunpostpreserve2007-09-2804:48:53.379, send-file reports: HTTP4142: can't find /opt/SUNWwbsvr/docs/dummypost/sunpostpreserve2007-09-2804:48:53.379 (File not found)
  I have verified that the following entry is made in the obj.conf
  PathCheck fn=validate_session_policy
  <Object ppath="*/dummypost/sunpostpreserve*">
  Service type=text/* method=(GET) fn=append_post_data
  </Object>
  <Object ppath="*/UpdateAgentCacheServlet*">
  Service type=text/* method=(POST) fn=process_notification
  </Object>
  I am using the PA 2.2 which says that the following bug is fixed.
  Bug(s) fixed in 2.2 RTM Hotpatch 8
  ==================================
  Bug#: 6545159
  Agent type: Sun Java System Web Server agent
  Description: CDSSO mode wipes out form post data
  Appreciate your help.
  thanks & regards
  Madhu

  Hi
  Now I get 404 error and the logs in amAgent is
  2007-10-03 04:56:20.922 Error 22356:a51e558 PolicyAgent: Error Registering POST content body
  2007-10-03 04:56:20.922MaxDebug 22356:a51e558 PolicyAgent: Register POST content body : (null)
  2007-10-03 04:56:20.923 Debug 22356:a51e558 PolicyAgent: Register POST data key :2007-10-0304:56:20.922
  2007-10-03 04:56:20.923 Error 22356:a51e558 PolicyAgent: am_web_postcache_insert(): Unknown exception encountered.
  2007-10-03 04:56:20.923 Warning 22356:a51e558 PolicyAgent: Register POST data insert into hash table failed:2007-10-0304:56:20.922
  And in the errors log file of SJSWS is+_
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="uri-clean" Directive="PathCheck"
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="uri-clean" Directive="PathCheck" returned 0 (REQ_PROCEED)
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-pathinfo" Directive="PathCheck"
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-pathinfo" Directive="PathCheck" returned -2 (REQ_NOACTION)
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index-j2ee" Directive="PathCheck"
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index-j2ee" Directive="PathCheck" returned -2 (REQ_NOACTION)
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck"
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="find-index" index-names="index.html,home.html,index.jsp" Directive="PathCheck" returned -2 (REQ_NOACTION)
  [03/Oct/2007:05:13:05] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="validate_session_policy" Directive="PathCheck"
  [03/Oct/2007:05:13:05] fine (22515): Updating accelerator cache
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="validate_session_policy" Directive="PathCheck" returned 0 (REQ_PROCEED)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-j2ee" Directive="ObjectType"
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-j2ee" Directive="ObjectType" returned 0 (REQ_PROCEED)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="type-by-extension" Directive="ObjectType"
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="type-by-extension" Directive="ObjectType" returned 0 (REQ_PROCEED)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="force-type" type="text/plain" Directive="ObjectType"
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="force-type" type="text/plain" Directive="ObjectType" returned 0 (REQ_PROCEED)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service"
  [03/Oct/2007:05:13:14] warning (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, send-file reports: HTTP4142: can't find /opt/WMS/rel/www/webserver7/https-localhost.localdomain/docs/dummypost/sunpostpreserve2007-10-0304:56:20.922 (File not found)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file" Directive="Service" returned -1 (REQ_ABORTED)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="error-j2ee" Directive="Error"
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="error-j2ee" Directive="Error" returned -2 (REQ_NOACTION)
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: executing fn="flex-log" Directive="AddLog"
  [03/Oct/2007:05:13:14] finest (22515): for host 27.63.254.1 trying to POST /dummypost/sunpostpreserve2007-10-0304:56:20.922, func_exec reports: fn="flex-log" Directive="AddLog" returned 0 (REQ_PROCEED)
  thanks
  Madhu

• This log -------------policy agent 2.1 for iis5.0

  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  Sun\Identity_Server\Agents\2.1\debug\C__Inetpub_wwwroot\amAgent
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): Identity Server Cookie not found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): No cookies found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:07:53.921 Error 1064:00D01120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult with error message:Policy not found for resource: http://guorui.mygodsun.com:49153/index.asp and code:7
  2004-07-25 18:07:53.921 Warning 1064:00D01120 PolicyAgent: am_web_is_access_allowed(http://guorui.mygodsun.com:49153/index.asp, GET) denying access: status = no policy found (7)
  2004-07-25 18:07:53.937 128 1064:00D01120 RemoteLog: User amAdmin was denied access to http://guorui.mygodsun.com:49153/index.asp.
  2004-07-25 18:07:54.062 Error 1064:00D01120 PolicyAgent: do_redirect(): Error while calling am_web_get_redirect_url(): status = success
  2004-07-25 18:07:54.078 Error 1064:00D01120 PolicyAgent: do_redirect() WriteClient did not succeed: Attempted message = HTTP/1.1 403 Forbidden
  Content-Length: 13
  Content-Type: text/plain
  403 Forbidden
  from that log,help me
  my:
  Sun Java System Identity Server 6.1
  Sun Java System Directory Server 5.2
  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  help me for that how config?
  what error ?
  thanks!

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• What is this email alert: TUI-AD: All AD agents are down for realm Windows?

  I added our IT group e-mail to the Ironport S160 to be alerted when product keys are about to expire.  Our IronPort C160 e-mail filter does this but the S160 did not.
  We periodically get this email:
  Subject: Critical <System> webfilter.domain.com: TUI-AD: All AD agents are down for realm Windows
  The Critical message is:
  TUI-AD: All AD agents are down for realm Windows
  Product: Cisco IronPort S160 Web Security Appliance
  Model: S160
  Version: 7.5.1-079
  Serial Number: (removed for public posting)
  Timestamp: 24 Mar 2014 07:20:27 -0400
  Any idea what this means?  Everything is working normally.  How can I stop this message?

  Upon further investigation in services.msc on that server I see a Cisco AD Agent.  I did some digging on this service and its located in C:\IBF.
  First why is it called IBF?
  Second, whats in here is this:
  \adObserver
  \CLI
  \radiusServer
  \watchdog
  AD_Agent.Uninstaller.exe
  AD_Agent-version-1.0.0.32.1-build.598.IBF
  The emails came in at these times
  3/24 11:59 PM
  3/24 7:20 AM
  3/23 12:59 AM
  3/23 12:06 AM
  3/22 10:56 PM
  3/22 1:20 AM
  3/21 12:52 PM
  3/20 10:51 PM 

• Which version Diagnotics Agent to install for ERP6 systems using SM 7.1 ?

  Hi,
  I have a recently installed Solution Manager 7.1 system and would now like to add our managed systems for monitoring.
  Our managed systems are all running NW EHP2 / ERP6 EHP5 and I have installed the latest SAPHostagent 7.2 on each of these systems. These systems are non unicode running on Suse Linux Enterprise 10.
  I'm confused as to which version Diagnostic Agent to install for this setup. Under Solution Manager 7.1 in SWDC the managing agents are for a 7.3 installation only and the prerequisites require Suse Linux Enterprise 11. I'm not sure whether I can use agents located under older Solution Manager systems.
  With the above information in mind can you help ?
  Thanks.
  Regards,
  Nelis

  Hi,
  Please look in the table provided in below link.
  http://wiki.sdn.sap.com/wiki/display/SMSETUP/Diagnostics+Agents#DiagnosticsAgents-Whichagentversionshouldbeused%3F
  Regards
  Vivek

• Policy Agent 2.1 for IBM WebSphere Application Server 5.0 can't install

  I install Policy Agent 2.1 for IBM WebSphere Application Server 5.0
  But Can't install success
  resone:
  Base Installation completed Successfully
  WebSphere 5.0 Agent ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/am_sdk.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_services.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_sso_provider.jar;C:/Sun/IdentityServer/j2ee_agents/lib/am_logging.jar;C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1;C:/Sun/IdentityServer/j2ee_agents/locale
  WebSphere 5.0 Agent Boot ClassPath : C:/Sun/IdentityServer/j2ee_agents/lib/jdk_logging.jar
  WebSphere 5.0 Agent JVM options : -Damconfig=AMAgent -Dmax_conn_pool=10 -Dmin_conn_pool=1 -Dcom.iplanet.coreservices.configpath=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/ums -Djava.util.logging.manager=com.sun.identity.log.LogManager -Djava.util.logging.config.file=C:/Sun/IdentityServer/j2ee_agents/config/F__Program Files_WebSphere_AppServer_config_cells_tmbsp103_nodes_tmbsp103_servers_server1/AMAgent.properties -Djava.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol -Dws.ext.dirs=C:/Sun/IdentityServer/j2ee_agents/lib
  The server.policy file was configured successfully.
  Global Security Settings Configured Successfully.
  sas.client.props file Configuration FAILED.
  soap.client.props file Configuration FAILED.
  sas.client.props /soap.client.props two file how to Configuration ??

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry