Error - Web Server Policy Agents setup

Similar Messages

• E6-00 Error mandatory server policy failed access ...

  Hello
  We just got a new E6-00 and wanted to connect it to our Exchange 2007 Servers using Mail for Exchange and Activesync.
  We get the error "mandatory server policy failed access refused". E72 Nokia work with the same Activesync policy and E7-00 also. We have in the policy the setting that the device must be encrypted and I think this causes the error.
  Does somebody know what can be done to get the E6-00 to connect, without changing the Activesync Policy?
  Thank you for your answers.
  regards
  d
  r

  Hi, Even same isue being observed in E7-00(RM-626) with updated mail for exchange 3.0; but this time now admin_log.txt shows some more help regarding failure.
  "04/12/2011 19:46:00 Policy Update: Partial failure
  04/12/2011 19:46:00 Policy status 2
  04/12/2011 19:46:00 Refused exchange access.
  04/12/2011 19:46:00 Policy Update: This device is unable to implement all requested 04/12/2011 19:46:00 password policies. Your Exchange Server's 'Device Security'
  04/12/2011 19:46:00 settings are currently configured to disallow access
  04/12/2011 19:46:00 from any device that can't support all password policies.
  04/12/2011 19:46:00 Contact your Exchange Administrator.
  04/12/2011 19:46:00 ProcessStatusResponse LEAVE error=-15017
  04/12/2011 19:46:00 CEasCmdHandler:oRunL - Main state machine. PreviousMainState = 8.CurrentMainState = 3. CurrentPolicyState =2.Error =-15017"
  so we can approch exchnage server administrator for help and provide little lenecy for configuring mail on E7 handset. i have tried similar connection on iphone and android its working, i am attaching snapshot of android handset procedure which shows server policy downloaded from the GW server. this may help coder for resolution and make nokia suceed in CBA for mail for exchnage.
  complete log attached for reference.
  04/12/2011 19:40:37 Profile Updated
  04/12/2011 19:45:38 Connected to connection method named Vodafone Mobile Connect with type Packet Data
  04/12/2011 19:45:44 HTTP error code=449
  04/12/2011 19:45:44 Policy Update: The Exchange Server has new Policy information. 04/12/2011 19:45:44 Policy Update: Requesting Policy.
  04/12/2011 19:45:44 Server Protocol Version for provisioning is 4
  04/12/2011 19:45:44 Ready to process policy response
  04/12/2011 19:45:45 Continue Processing elements
  04/12/2011 19:45:45 The following policies are not relevant to our phone
  04/12/2011 19:45:45 Policy PasswordRecoveryEnabled = 0
  04/12/2011 19:45:45 Policy AllowIrDA = 1
  04/12/2011 19:45:45 Policy AllowRemoteDesktop = 1
  04/12/2011 19:45:45 Policy MaxEmailHTMLBodyTruncationSize = -1
  04/12/2011 19:45:46 Policy AllowSMIMESoftCerts = 1
  04/12/2011 19:45:46 Policy AllowSMIMEEncryptionAlgorithmNegotiation = 2
  04/12/2011 19:45:46 Policy AllowDesktopSync = 1
  04/12/2011 19:45:46 Policy Approved Application List
  04/12/2011 19:45:46 Policy Unapproved Application List
  04/12/2011 19:45:46 End of not relevant policies section
  04/12/2011 19:45:46 Version 12.0 policies
  04/12/2011 19:45:46 Policy DevicePasswordEnabled = 1
  04/12/2011 19:45:46 Policy RequireStorageCardEncryption = 1
  04/12/2011 19:45:46 Policy RequireDeviceEncryption = 1
  04/12/2011 19:45:46 Policy AlphanumericDevicePasswordRequired = 0
  04/12/2011 19:45:46 Policy AttachmentsEnabled = 1
  04/12/2011 19:45:46 Policy AllowSimpleDevicePassword = 1
  04/12/2011 19:45:46 Policy MinPasswordLength =4
  04/12/2011 19:45:46 Policy MaxInactivityTimeDeviceLock = 1800
  04/12/2011 19:45:46 Policy MaxDevicePasswordFailedAttempts = 5
  04/12/2011 19:45:46 Policy MaxAttachmentSize = -1
  04/12/2011 19:45:46 Policy DevicePasswordExpiration = -1
  04/12/2011 19:45:46 Policy DevicePasswordHistory = 0
  04/12/2011 19:45:46 End Version 12.0 policies
  04/12/2011 19:45:46 Version 12.1 policies
  04/12/2011 19:45:46 Policy EmailBodyTruncateSize = -1
  04/12/2011 19:45:46 Policy MaxCalendarAgeFilter = 0
  04/12/2011 19:45:46 Policy MaxEmailAgeFilter = 0
  04/12/2011 19:45:46 Policy MinDevicePasswordComplexCharacters = 3
  04/12/2011 19:45:46 Policy AllowStorageCard = 1
  04/12/2011 19:45:46 Policy AllowCamera = 1
  04/12/2011 19:45:46 Policy AllowWiFi = 1
  04/12/2011 19:45:46 Policy AllowBluetooth = 2
  04/12/2011 19:45:46 End Version 12.1 policies
  04/12/2011 19:45:46 The following received policies may cause us to fail server policy support
  04/12/2011 19:45:47 Policy AllowTextMessaging = 1
  04/12/2011 19:45:47 Policy SyncWhileRoaming = 1
  04/12/2011 19:45:47 Policy AllowHtmlEmail = 1
  04/12/2011 19:45:47 Policy RequireSignedSMIMEMessages = 0
  04/12/2011 19:45:47 Policy RequireEncryptedSMIMEMessages = 0
  04/12/2011 19:45:47 Policy RequireSignedSMIMEAlgorithm = 0
  04/12/2011 19:45:47 Policy RequireEncryptionSMIMEAlgorithm = 0
  04/12/2011 19:45:47 Policy AllowUnsignedApplications = 1
  04/12/2011 19:45:47 Policy AllowUnsignedInstallationPackages = 1
  04/12/2011 19:45:47 Policy AllowInternetSharing = 1
  04/12/2011 19:45:47 Policy AllowPOPIMAPEmail = 1
  04/12/2011 19:45:47 Policy AllowConsumerEmail = 1
  04/12/2011 19:45:47 Policy AllowBrowser = 1
  04/12/2011 19:45:47 *** Warning: Some unsupported server policies were found -- syncing may fail
  04/12/2011 19:45:59 Policy Download: Updating to KAttachmentsEnabled = 1
  04/12/2011 19:45:59 Policy Download: Updating to KMaxAttachmentSize = 0
  04/12/2011 19:45:59 Policy Download: Updating to KEmailBodyTruncationSize = -1 04/12/2011 19:45:59 Policy Download: Updating to KMessageFormat = 1
  04/12/2011 19:45:59 Policy Download: Updating to RequireManualSyncWhenRoaming = 1 04/12/2011 19:45:59 Policy Download: Updating to KMaxCalendarAgeFilter = 0
  04/12/2011 19:45:59 Policy Download: Updating to KMaxEmailAgeFilter = 0
  04/12/2011 19:46:00 Policy Update: Partial failure
  04/12/2011 19:46:00 Policy status 2
  04/12/2011 19:46:00 Refused exchange access.
  04/12/2011 19:46:00 Policy Update: This device is unable to implement all requested 04/12/2011 19:46:00 password policies. Your Exchange Server's 'Device Security'
  04/12/2011 19:46:00 settings are currently configured to disallow access
  04/12/2011 19:46:00 from any device that can't support all password policies.
  04/12/2011 19:46:00 Contact your Exchange Administrator.
  04/12/2011 19:46:00 ProcessStatusResponse LEAVE error=-15017
  04/12/2011 19:46:00 CEasCmdHandler:oRunL - Main state machine. PreviousMainState = 8.CurrentMainState = 3. CurrentPolicyState =2.Error =-15017
  Attachments:
  Android_mail.pdf ‏1299 KB

• Load balancers with web servers & policy agents

  I have a pair of host machines, hostA and hostB, running multiple web server instances, portalA, portalB, contentA, contentB, serviceA, serviceB, etc.
  The two hosts, hostA and hostB, are sitting behind load balancers. ServiceA and serviceB must be protected by login and I have a policy agent installed on hostA and hostB for these two instances.
  The load balancers respond to https://service/* and forward requests to http://serviceA:3456/* or http://serviceB:3456/* depending on the host selected by round-robin.
  I've been told that serviceA and serviceB cannot be running on the default 443 port (although we could enable SSL if we wanted) in order to work nicely with the other web server instances that are behind the load balancers.
  The problem is that the policy agent knows that it is running as http://serviceA:3456/.
  The user makes a request to the load balancers for:
  https://service/protected.html
  The load balancer passes the request to:
  http://serviceA:3456/protected.html
  The agent sends a redirect to login which sends the user to:
  http://service:3456/protected.html
  This final URL is not available through the load balancers and it's obviously not the public URL.
  I have fqdnDefault set to 'service.x.x' so the URL is rewritten to that extent. Is there a way to tell the agent that the port it's running on is not the public port (ie. that it's behind a NAT device)? Is there a way to tell the agent that it's should actually redirect to https and not http?

  Hi,
  CQ authoring does not leverage server side sessions, therefor you'll never loose data because of this.
  But: As the cluster has a small delay on synchronisation, it could be, that on a write and subsequent read you'll get the old content, if you don't have sticky sessions (because both requests are not processed by the same server). Therefor I advise you to use sticky sessions in front of a CQ authoring cluster.
  Jörg

• Sun One Identity Server Policy Agent 2.0 for IIS 5.0

  Hi,
  I try to use Sun Indentity Server with IIS, so I installed policy agent 2.0 for IIS 5.0. my operating system is Windows 2000 professional. I can see the ISAPI fiiter is loaded, but when I try to test the installation by access a testing page, like http://localhost/test.asp, I can not go anywhere, the sun identity server log in page is not loaded. I checked the debug log file, there are just two warning message:
  2003-02-12 11:11:52.314 Warning 1316:00A548E8 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
  2003-02-12 11:11:52.798 Warning 1316:00A548E8 PolicyAgent: FqdnHandler::FqdnHandler() No value specified for fqdnMap.
  Could someone help me out here? Any suggestion will be appreciated.
  Thanks,
  Harold Chen

  Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

• Pool error Web Server 6.1 SP4 solaris 10

  I have a web instance with a pool defined in "JDBC Connection Pools", but, when I execute a servlet than find (lookup), the JNDI names, not find nothing (listContext method).
  When I find by the exact name:
  InitialContext ctx= new InitialContext();
  datasource = (DataSource) ctx.lookup("jdbc/POOL");
  Throws a exception:
  javax.naming.NameNotFoundException: WEB3885: Name jdbc is not bound in this Context
  at org.apache.naming.NamingContext.lookup(NamingContext.java:811)
  at org.apache.naming.NamingContext.lookup(NamingContext.java:194)
  at org.apache.naming.SelectorContext.lookup(SelectorContext.java:183)
  at javax.naming.InitialContext.lookup(InitialContext.java:351)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:658)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:244)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
  at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
  at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  may be happening?
  The web server is installed on SunOS 5.10 Generic_118833-36 sun4v sparc SUNW,SPARC-Enterprise-T2000
  I need help,
  Jorge
  I have configured a pool in my web instance as following:
  *** server.xml:
  <RESOURCES>
  <JDBCCONNECTIONPOOL name="mypool" datasourceclassname="oracle.jdbc.pool.OracleDataSource" steadypoolsize="8" maxpoolsize="32" poolresizequantity="2" idletimeout="300" maxwaittime="60000" connectionvalidationrequired="off" connectionvalidationmethod="auto-commit" validationtablename="" failallconnections="off" transactionisolationlevel="read-committed" isolationlevelguaranteed="off">
  <PROPERTY name="User" value="user"/>
  <PROPERTY name="URL" value="jdbc:oracle:thin:@<ip>:<port>:<sid>"/>
  <PROPERTY name="Password" value="passwd"/>
  </JDBCCONNECTIONPOOL>
  <JDBCRESOURCE jndiname="jdbc/POOL" poolname="mypool" enabled="on"/>
  </RESOURCES>
  *** web.xml:
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "file:/C:/iPlanet/Servers/bin/https/dtds/web-app_2_2.dtd">
  <web-app>
  <resource-ref>
  <description>example</description>
  <res-ref-name>jdbc/POOL</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  </web-app>
  *** sun-web.xml:
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Web Server 6.1 Servlet 2.3//EN' 'http://www.sun.com/software/dtd/appserver/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
  <resource-ref>
  <res-ref-name>jdbc/POOL</res-ref-name>
  <jndi-name>jdbc/POOL</jndi-name>
  </resource-ref>
  </sun-web-app>
  *** Code at a servlet:
  InitialContext ctx = new InitialContext();
  listContext((Context) ctx, "");
       * Recursively exhaust the JNDI tree
       private static final void listContext(Context ctx, String ruta)
            try
                 NamingEnumeration listanombresjndi = ctx.listBindings("");
                 while (listanombresjndi.hasMore())
                      Binding item = (Binding) listanombresjndi.next();
                      String className = item.getClassName();
                      String name = item.getName();
                      System.err.println(ruta + className + " " + name);
                      Object o = item.getObject();
                      if (o instanceof javax.naming.Context)
                           listContext((Context) o, ruta + " ");
            catch (NamingException ex)
                 System.err.println("JNDI failure: " + ex);
                 ex.printStackTrace();
       }

  Hi,
  with these instructions work properly, why?
  On a Sun Web Server SP11 windows is not necessary to realize that, and it works correctly without these indications
  is a bug?
  Thanks in advance
  CesarJorge

• Identity Server Policy agent for BEA Weblogic Server 8.0

  Hi all,
  I donot find policy agents for BEA weblogic 8.X.
  Is the 6.1SP2 version forward compatible?
  Thanks

  You didn't specified the OS. Please find the PA support with different platforms & softwares..
  http://docs.sun.com/source/816-6884-10/chapter1.html#wp21986

• HTTP status 500 error using OpenSSO, policy agent 3 and glassfish

  Hello,
  I have created a simple secure web app following the agentsample app. When I first start up the server that opensso is deployed on, I can log in to the app and everything works fine. Then when I log into again I get a HTTP status 500 error. I have to restart the server to make it work again. Everything about it is very unpredictable - sometimes it works, sometimes it doesn't.
  I found this in the server logs:
  Exception starting filter Agent
  java.lang.ClassNotFoundException: com.sun.identity.agents.filter.AmAgentFilter
       at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1498)
       at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:235)
       at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:369)
       at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:103)
       at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4389)
       at org.apache.catalina.core.StandardContext.start(StandardContext.java:5189)
       at com.sun.enterprise.web.WebModule.start(WebModule.java:326)
       at com.sun.enterprise.web.LifecycleStarter.doRun(LifecycleStarter.java:58)
       at com.sun.appserv.management.util.misc.RunnableBase.runSync(RunnableBase.java:304)
       at com.sun.appserv.management.util.misc.RunnableBase.run(RunnableBase.java:341)
       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
       at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
       at java.util.concurrent.FutureTask.run(FutureTask.java:123)
       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
       at java.lang.Thread.run(Thread.java:595)
  Thanks
  AT

  Set the log level to mesaage and look into the amFilter logs

• Error 403 returned from WebSphere running Policy Agent

  Hi,
  I'm getting an error 403 (forbidden) in my browser when I try to access a URL that I have protected using a Policy that I have setup in SAM.
  My configuration is as follows:
  Sun Access Manager 6 2005Q1 on Solaris
  WebSphere AppServer 5.1.1.5 on Win 2000
  WebSphere 5.0 Policy Agent 2.1 on Win 2000
  At the moment, all I'm trying to do is protect a URL which is contained in a simple WAR file which I have deployed on WAS.
  As per the J2EE Policy Agents guide, I have installed the Agent Filter by adding the following into web.xml
  <web-app>
  <display-name>...</display-name>
  <description>...</description>
  <filter>
  <filter-name>Agent</filter-name>
  <display-name>Agent</display-name>
  <description>SunTM ONE Identity Server Policy Agent</description>
  <filter-class>com.sun.identity.agents.websphere.AmWAS50AgentFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>Agent</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  </web-app>
  I've switched on Global Security in WAS and successfully logged back into the WebSphere Console using amldapuser. This confirms that the Agent Realm is working correctly.
  In SAM I set up a Policy with a Rule that specified the URL I want to protect. I added a Subject to this Rule of type LDAP User. The user I chose was amadmin (for the moment).
  I also configued an Agent with agentRootURL=http://<WAS fully qualified domain name>:9080/
  When I try to access the URL of the servlet in the WAR, I am redirected to the SAM's login page
  http://<SAM fully qualified domain name>/amserver/UI/Login?goto=http%3A%2F%2F<WAS fully qualified domain name>%3A9080%2FRoamingApp%2FRoaming
  However, when I enter the amadmin/ <password> error 403 is returned to the browser.
  I've checked the logs on SAM
  From amAuthentication.access
  "2005-07-28 11:58:15" "Login Success" LDAP dc=acme,dc=com INFO uid=amAdm
  in,ou=People,dc=acme,dc=com <WAS IP address> "cn=dsameuser,ou=DSAME Users,dc=acme,
  dc=com" <WAS IP address>
  From amSSO.access
  "2005-07-28 11:58:15" "SESSION CREATE" amSSO.access dc=acme,dc=com I
  NFO uid=amAdmin,ou=People,dc=acme,dc=com <WAS IP address> "cn=dsameuser,ou=
  DSAME Users,dc=acme,dc=com" <WAS IP address>
  From agent.log (Policy Agent on Win 2000)
  [Thursday, July 28, 2005 11:58:15 AM BST] [null]
  Access to http://<WAS fully qualified domain name>:9080/RoamingApp/Roaming denied for user UNKNOWN
  Perhaps I dont have the Policy in SAM configured correctly..... if anyone has come across this kind of problem before, I would greatly appreciate any help they can give me.
  Thanks,
  Justin

  Thanks for getting back to me Jerry.
  I had a look at the role-to-principal mappings you suggested. To do this I added a security constraint to my web.xml file.
  Then I reconfigured WebSphere so that the Active User Registry = LDAP instead of Custom. This allowed me to assign the LDAP group (in SAM) to the role (in web.xml). WAR file installed fine with these new bindings and I restarted WAS.
  Unfortunately, I'm still getting Error 403 in the browser!
  Any ideas as to what I might be doing wrong? Any help you can give me would be much appreciated.
  This is the amFilter log file from the Policy Agent...
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: incoming request =>
  HttpServletRequest: class => com.ibm.ws.webcontainer.srt.SRTServletRequest@1af52898
       Character Encoding     : null
       Content Lenght          : -1
       Content Type          : null
       Locale               : en_IE
       Accept Locales:
            en_IE
       Protocol          : HTTP/1.1
       Remote Address          : 172.20.13.96
       Remote Host          : 172.20.13.96
       Scheme               : http
       Server Name          : dubwrk1589.ie.pri.o2.com
       Server Port          : 9080
       Is Secure          : false
       Auth Type          : null
       Context Path          : /RoamingApp
       Cookies:
            amFilterParam: AQIC5wM2LY4Sfcx0xX1Z1+1tK4SfLh/aCFlbIGuRNEPcAVc=
            amFilterRDParam: AQIC5wM2LY4Sfcwb7v6Sof6MpnvtyR8nae7hiKN7Y11QjCagyWAs9LzbAeB9Q4TP8VjruhK+oYForXxw/qq6TqbMAN1PlT1YOQI3Vy92iAaJ2N9x2bSRaUU7NlwZg8oTti+JOLdiRMTzwO17jIoWwCIx/0CtoQXpkX/meuAoFwf1feyAEp2NvK7AIbE82f/p8o4LxQbhK2NQNec=
            WASReqURL: http://dubwrk1589.ie.pri.o2.com:9080/RoamingApp/Roaming
            JSESSIONID: 0000HRZTVpt84dvtjaLaKWBnwzu:-1
       Headers:
            accept:
                 image/gif
                 image/x-xbitmap
                 image/jpeg
                 image/pjpeg
                 application/msword
                 application/vnd.ms-excel
                 application/vnd.ms-powerpoint
                 application/x-shockwave-flash
            referer:
                 http://sam.digifone.com/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp
            accept-language:
                 en-ie
            cookie:
                 amFilterParam=AQIC5wM2LY4Sfcx0xX1Z1+1tK4SfLh/aCFlbIGuRNEPcAVc=; amFilterRDParam=AQIC5wM2LY4Sfcwb7v6Sof6MpnvtyR8nae7hiKN7Y11QjCagyWAs9LzbAeB9Q4TP8VjruhK+oYForXxw/qq6TqbMAN1PlT1YOQI3Vy92iAaJ2N9x2bSRaUU7NlwZg8oTti+JOLdiRMTzwO17jIoWwCIx/0CtoQXpkX/meuAoFwf1feyAEp2NvK7AIbE82f/p8o4LxQbhK2NQNec=; WASReqURL=http://dubwrk1589.ie.pri.o2.com:9080/RoamingApp/Roaming; JSESSIONID=0000HRZTVpt84dvtjaLaKWBnwzu:-1
            accept-encoding:
                 gzip
                 deflate
            user-agent:
                 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
            host:
                 dubwrk1589.ie.pri.o2.com:9080
            connection:
                 Keep-Alive
            cache-control:
                 no-cache
       Method               : GET
       Path Info          : null
       Path Trans          : null
       Query String          : null
       Remote User          : null
       Requested Session ID     : 0000HRZTVpt84dvtjaLaKWBnwzu:-1
       Request URI          : /RoamingApp/login.jsp
       Servlet Path          : /login.jsp
       Session               : true
       User Principal          : null
       Attributes:
            com.ibm.servlet.engine.webapp.dispatch_type: forward
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  FQDNHandler: Incoming Server Name: [dubwrk1589.ie.pri.o2.com] Result: null
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  PatternRule{*/j_security_check}.matchString(/RoamingApp/login.jsp) => false
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  NotEnforcedListManager.isNotEnforced(/RoamingApp/login.jsp) => false
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: Login attempt number: 10
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: SSO Validation failed for null
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: Reseting Cookies in Response
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  WARNING: AmFilter: Login attempt number 10 failed for request URI: /RoamingApp/login.jsp
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  URLFailoverHelper: Checking if http://sam.digifone.com:80/amserver/UI/Login is available
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  URLFailoverHelper: URL http://sam.digifone.com:80/amserver/UI/Login is available
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  URLFailoverHelper: getAvailableURL() => http://sam.digifone.com:80/amserver/UI/Login
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: redirectURL is: http://sam.digifone.com:80/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  WARNING: AmFilter: redirect attempt limit reached for http://sam.digifone.com:80/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp, access will be denied
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: Using 403 forbidden to block access
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  getResource: id = 20004
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  AmFilter: result =>
  FilterResult:
       Status      : FORBIDDEN
       RedirectURL     : null
       RequestHelper:
            null
       Data:
            null
  07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
  getResource: id = 20008

• Policy Agent on Sun Application Server 9.1

  I'm attempting to deploy the Access Manager Policy Agent to Sun Application Server 9.1 and I'm running into some issues.
  Environment:
  amhost - Access Manager 7.0 on Sun Webserver can do both http and https
  ashost - Access Manager Policy AGent 2.2 on Sun Application Server 9.1
  If everything is set to http:
  When i attempt to access a simple servlet application (Headersnooper) I am redirected the the access manager server and when authentication is successful I see the browser attempting to redirect back to the application server and I see the following error in the Policy Agent debug logs amJAXRPC:
  11/13/2007 02:46:18:055 PM EST: Thread[httpSSLWorkerThread-8080-79,10,Grizzly]
  JAXRPCHelper: Connection to URL: https://ssodev.queensu.ca:443/amserver/jaxrpc/SMSObjectIF failed
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
  Why would it think to attempt to connect to https when everything in the agent is configured for http?
  Any thoughts or recommendations would be appreciated.

  Hi,
  One thing that could help is to look at the info in the agent logs, first increase Debug Logging Level, then restart the agent server and click thru your app, then look in agent runtime logs which should have more descriptive errors. For more detail on how to do this, try http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble#GlassFishAgentTrouble-generaltips
  You could look on this page, which is mostly based on GlassFish server but could help for other servers as well.
  http://wikis.sun.com/display/OpenSSO/GlassFishAgentTrouble
  I have not installed either of the policy agents you mentioned. But with some of the other agents, like the Sun App server 9 (GlassFish) agent, it comes with a sample application, and I find that this is the best way to ensure your setup is good and you are following all steps etc. Once sample app is up, you can try your own apps with confidence.
  Since you already have the SJSAS 9 installed, maybe you could create a new domain and download/install the SJSAS 9 policy agent on the new domain. Then try out the sample app?
  Or if those other agents have a sample app then try it out.
  hth,
  Sean

• Installing policy agent 2.1.1 for app server 7

  Hi,
  I've been trying to install the policy agent on app server7. I read that the policy agent had to be installed on a different instance of the app server than the one where the portal is running (portal runs on instance server1). How can you make sure of that?
  I'd like to use the agent to only control the access to a webapp that is deployed on server1 instance. I don't want it to interfere with the portal but at the moment it does.
  Now I can't use the webapp (access forbidden) and the portal ("Authentication Service is not initialized").
  all the components of JES but the gateway are installed on a single machine called crpbioweb.crp-sante.healthnet.lu
  here is the statefile of the installation
  [STATE_BEGIN Sun ONE Identity Server Policy Agent a15672cb9a086c93b865dd58c4e72641d908cc91]
  OS_NAME = SunOS
  PACKAGE_ZIP_FILE = am_as70_agent.zip
  PACKAGE_ID = SUNWamas
  PACKAGE_VERSION = 2.1
  COMPONENT_NAME = Sun ONE Identity Server Policy Agent for Sun ONE Application Server 7.0
  AGENT_TYPE = as70
  defaultInstallDirectory = /opt
  currentInstallDirectory = /opt/agent
  SERVER_HOST = crpbioweb.crp-sante.healthnet.lu
  SERVER_PORT = 58080
  SERVER_PROTO = http
  SERVER_DEPLOY_URI = /amserver
  CONSOLE_HOST = crpbioweb.crp-sante.healthnet.lu
  CONSOLE_PORT = 58080
  CONSOLE_PROTO = http
  CONSOLE_DEPLOY_URI = /amconsole
  ENCADMINPASSWD = password
  LDAPUSERPASSWD = amldapuser
  DIRECTORY_HOST = crpbioweb.crp-sante.healthnet.lu
  DIRECTORY_PORT = 389
  DIRECTORY_SSL_ENABLED = false
  ROOT_SUFFIX = dc=crp-sante,dc=healthnet,dc=lu
  ORG_BASE = dc=crp-sante,dc=healthnet,dc=lu
  CONFIG_LOAD_INTEREVAL = 10
  ENABLE_NEL_CACHE = false
  NEL_CACHE_SIZE = 1000
  NEL_CACHE_TIME = 60
  PREF_PROTOCOL = http
  PREF_PORT = 80
  PRIMARY_CTX_PATH = /mailtracker
  AGENT_HOST = crpbioweb.crp-sante.healthnet.lu
  FILTER_MODE = ALL
  ACCESS_DENIED_URI =
  LOGIN_ATTEMPT_LIMIT = 5
  JAVA_HOME = /usr/jdk/entsys-j2se
  JSSE_INSTALLED = true
  JCE_INSTALLED = true
  AS70_BIN_DIR = /opt/SUNWappserver7/bin
  AS70_ADMIN_USER = admin
  AS70_ADMIN_PASSWD = password
  AS70_ADMIN_PORT = 4848
  AS70_INSTANCE_CONFIG_DIR = /var/opt/SUNWappserver7/domains/domain1/server1/config
  [STATE_DONE Sun ONE Identity Server Policy Agent a15672cb9a086c93b865dd58c4e72641d908cc91]
  There are 2 things I'd like to know:
  How can I make sure the agent is installed on server2 instance and not on server1?
  How do you choose to install the agent on server2?
  If I correctly installed the agent on server2, then why does it block the webapp and the portal on server1?

  Before installing the agent I already manually created a second instance of the app server on port 81. the problem is that I don't know how to install the agent on server2 instance. the only parameter that has something to do with port or instance is the "PREF_PORT". but according to the doc http://docs.sun.com/source/816-6884-10/chapter2.html#wp20595
  it says that the Preferred protocol listening port is the preferred port number on which the application server provides its services.
  I'm not quite sure what this means. Do I have to enter the port of the instance where I want to install the agent or the port I want to protect with the agent?
  Another way to check if I installed it at the right place would be to check in the app server admin console. the installation created a new item in App server instance > server 1 > security > Realms. Do you know if this is the correct place to appear? or should it be in server2?
  thanks

• Policy Agent doesn't reset Sun  Access Manager session time idle value

  Hi,
  We have the following setup in our environment:
  - apache web server/web and policy agent 2.2 for apache 2.0.54
  - webmethods portal server (jetty)
  -Sun Access Manager (with Sun Directory Server)
  We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
  Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
  Thanks a lot for the help.

  Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
  We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
  Thanks for all your help,

• Authorization issue with J2EE Policy Agent for AS7

  Following the documentaion I have created a simple J2EE application with a servlet and 2 jsp's. The 2 JSP's customer.jsp and admin.jsp are mapped to /customer and /admin. The entire web application is subject to a filter like:
  <filter>
  <filter-name>Agent</filter-name>
  <display-name>Agent</display-name>
  <description>SunTM ONE Idenitity Server Policy Agent for SunTM ONE Application Server 7.0</description>
  <filter-class>com.sun.amagent.as.filter.AgentFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>Agent</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  The two resources /customer and /admin are subjected security constraints like:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>col2</web-resource-name>
  <url-pattern>/customer</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>customer</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  The role-to-principal mapping is done in the sun-web.xml like:
  <security-role-mapping>
  <role-name>customer</role-name>
  <group-name>customer</group-name>
  <principal-name>amAdmin</principal-name>
  </security-role-mapping>
  <security-role-mapping>
  <role-name>admin</role-name>
  <group-name>admin</group-name>
  <principal-name>amAdmin</principal-name>
  </security-role-mapping>
  Two roles 'customer' and admin are created via the identity server console and users are added to these roles.
  The application deploys OK, when the app is accesed the user is redirected to the identity server and is authenticated fine. The user is directed to the main servlet and is allowed to access the the two jsp's. All is good till now, when the user access one these links say /customer, access is denied (403). The server logs prints out:
  [21/May/2003:10:34:24] FINE ( 6036): servletPath = /customer
  [21/May/2003:10:34:24] FINE ( 6036): pathInfo = null
  [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: Process request for '/idssample/customer'
  [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: Checking for SSO cookie
  [21/May/2003:10:34:24] FINE ( 6036): SingleSignOn[ids]: SSO cookie is not present
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Security checking request GET /idssample/customer
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: We have cached auth type PROGRAMMATIC for principal amAdmin
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Checking constraint 'SecurityConstraint[col2]' against GET /customer --> false
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Checking constraint 'SecurityConstraint[col2]' against GET /customer --> true
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Subject to constraint SecurityConstraint[col2]
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling checkUserData()
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: User data constraint has no restrictions
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling authenticate()
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: User authentication is not required
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Calling accessControl()
  [21/May/2003:10:34:24] FINEST ( 6036): PRINCIPAL : amAdmin hasRole?: customer
  [21/May/2003:10:34:24] FINEST ( 6036): PRINCIPAL TABLE: {}
  [21/May/2003:10:34:24] FINE ( 6036): Authenticator[idssample]: Failed accessControl() test
  [21/May/2003:10:34:24] WARNING ( 6036): CORE3283: stderr: <May 21, 2003 10:34:24 AM CDT> <Agent> <Info> AgentRealm.getGroupNames(amAdmin)
  [21/May/2003:10:34:24] WARNING ( 6036): CORE3283: stderr: <May 21, 2003 10:34:24 AM CDT> <Agent> <Info> AgentRealm.getGroupNames(amAdmin) => java.util.Vector$1@bb60ad
  Now, snooping around I have found that the AgentRealm.getGroupNames(userdn) does
  return the correct grops viz. customer,admin,anyone.
  PLEASE HELP

  -- Second Update --
  After policy installation I got several problems with PeopleSoft configuration. Which finally were solved.
  1. Some URL's has to be defined as not enforced.
  com.sun.am.policy.amFilter.notenforcedList[1]=/ps/images/*
  com.sun.am.policy.amFilter.notenforcedList[2]=*.css
  com.sun.am.policy.amFilter.notenforcedList[3]=*.ico
  2. In versions older than PeopleSoft 8.4.2 the policy agent modified the file
  /opt/fs/webserv/peoplesoft/applications/peoplesoft/PORTAL/WEB-INF/psftdocs/ps/configuration.properties to add the properties:
  byPassSignon=TRUE
  defaultUserid="DEFAULT_USER"
  defaultPWD="your password"
  signon_page=amsignin.html
  signonError_page=amsignin.html
  logout_page=amsignin.html
  expire_page=amsignin.html
  However, in the newer versions of PeopleSoft this properties are controled from the online Peoplesoft console. Which are set on:
  PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Security --> In section "Public Users" the parameters that has to be changed are:
  Allow Public Access (cheked)
  User ID : DEFAULT_USER
  Password : your password
  HTTP Session Inactivity : (SSO TIMEOUT)
  and:
  PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Look and Feel -->
  In section "SignOn/Logout" set the following values:
  Signon Page : amsignin.html
  Signon Error Page : amerror.html
  Logout Page : amsignout.html
  Note: After making any changes on the console; restart PIA (weblogic instance).
  With this the SSO with PeopleSoft is working Ok.
  Message was edited by:
  LpzYlnd

• This log -------------policy agent 2.1 for iis5.0

  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  Sun\Identity_Server\Agents\2.1\debug\C__Inetpub_wwwroot\amAgent
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): Identity Server Cookie not found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:06:22.156 Warning 1064:00D01120 PolicyAgent: OnPreprocHeaders(): No cookies found.
  2004-07-25 18:06:22.156 Error 1064:00D01120 PolicyAgent: do_redirect() ServerSupportFunction did not succeed: Attempted status = 302 Found
  2004-07-25 18:07:53.921 Error 1064:00D01120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult with error message:Policy not found for resource: http://guorui.mygodsun.com:49153/index.asp and code:7
  2004-07-25 18:07:53.921 Warning 1064:00D01120 PolicyAgent: am_web_is_access_allowed(http://guorui.mygodsun.com:49153/index.asp, GET) denying access: status = no policy found (7)
  2004-07-25 18:07:53.937 128 1064:00D01120 RemoteLog: User amAdmin was denied access to http://guorui.mygodsun.com:49153/index.asp.
  2004-07-25 18:07:54.062 Error 1064:00D01120 PolicyAgent: do_redirect(): Error while calling am_web_get_redirect_url(): status = success
  2004-07-25 18:07:54.078 Error 1064:00D01120 PolicyAgent: do_redirect() WriteClient did not succeed: Attempted message = HTTP/1.1 403 Forbidden
  Content-Length: 13
  Content-Type: text/plain
  403 Forbidden
  from that log,help me
  my:
  Sun Java System Identity Server 6.1
  Sun Java System Directory Server 5.2
  Sun Java System Identity Server Policy Agent 2.1 for Microsoft IIS 5.0
  help me for that how config?
  what error ?
  thanks!

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• Policy agent 2.1 for apache 1.3.27 reinstallation problem

  hi
  i've uninstalled Apache_1.3.27_agent_2.1_sparc-sun-solaris2.8 policy agent [Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)] to reinstall it from scratch.
  during the reinstallation i've the problem listed below. i did remove all remaining parts of agent but doesn't work.
  Any idea ?
  Thanks
  Installing Sun ONE Identity Server Policy Agent
  Listener:com.iplanet.am.installer.listeners.ApacheInstallListener@1372656 threw exception during "installFinishing" method while listening to SUNWamapc install directory=[DETERMINED AT RUNTIME]:java.lang.reflect.InvocationTargetException
  Target Exception trace:
  java.lang.RuntimeException: error executing ///bin/config at com.iplanet.am.installer.listeners.InstallListenerBase.executeCommand(InstallListenerBase.java:829) at com.iplanet.am.installer.listeners.InstallListenerBase.configureSolarisWebAgent(InstallListenerBase.java:294) at com.iplanet.am.installer.listeners.InstallListenerBase.installFinishing(InstallListenerBase.java:150) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324)
  at com.sun.install.products.Product.processEvents(Product.java:753) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.processEvents(Product.java:787) at com.sun.install.products.Product.performInstallation(Product.java:643) at com.sun.install.tasks.ProductTask.perform(ProductTask.java:191) at com.sun.wizards.core.Sequence.perform(Sequence.java:336) at com.sun.wizards.core.SequenceManager.run(SequenceManager.java:226) at java.lang.Thread.run(Thread.java:534)

  I had the same problem because of a missconfiguration in AMAgent.properties. I changed manually all URLs to the Identity Server from http to https and found out the port number has definitly to be specified (bad URL parsing of Policy Agent). You should check your configuration...
  HTH
  J�rgen

• Wilyhost Agent setup finished successfully with limitations - SMD SPS15

  Dear all,
  we have connected different SAP J2EE systems to our Solution Manager Diagnostics without any problems. Now we are trying to connect the corresponding ABAP backend systems to the SMD. The Setup Wizard for these systems are completed with a warning. Everything seems to work fine, but the warning are spurious (we get only the yellow light, not a green one).
  Did anyone has the same "problems" with ABAP managed systems and has anyone a solution for the yellow light ?
  Thanks and best regards
  Patrick
  Error/Warning Message -
  Wilyhost Agent setup finished successfully with limitations. Data of at least one action is not available in Enterprise Manager.
  Created destination RT5|s3p5012_RT5_00
  Created action RT5 - RT5 AbapSystem
  Created action RT5|s3p5012_RT5_00 - RT5|s3p5012_RT5_00 AbapInstance
  Created 2 action(s).
  1 Wilyhost Agent(s) and 0 EP Agent(s) from host s3p2012 are connected to the EM.
  90 seconds after restarting the WilyHostAgent the data of the following action is still missing in EM: RT5
  90 seconds after restarting the WilyHostAgent the data of the following action is still missing in EM: RT5|s3p5012_RT5_00
  Wilyhost Agent setup finished successfully with limitations. Data of at least one action is not available in Enterprise Manager.
  Error/Warning Message -

  Hi to all,
  I have addition information about the Wily HostAgent problem. Here are some other alerts/warnigs from another SAP portal :
  ============================================================================
  Jul 15, 2008 10:34:15 AM [Thread[SAP GC|FB7_J02_server3,5,main]] Error      com.sap.smd.wily.hostagent.action.GcScannerAction - scanInitial(): scan for file /usr/sap/FB7/J02/j2ee/../work/std_server3.outterminated: /usr/sap/FB7/J02/j2ee/../work/std_server3.out (No such file or directory)
  Jul 15, 2008 10:34:15 AM [Thread[SAP GC|FB7_J02_server3,5,main]] Error      com.sap.smd.wily.hostagent.action.GcScannerAction - doRun(): Action temporarily stopped: SAP GC|FB7_J02_server3
  [EXCEPTION]
  com.sap.smd.wily.hostagent.TransientException: java.io.FileNotFoundException: /usr/sap/FB7/J02/j2ee/../work/std_server3.out (No such file or directory)
          at com.sap.smd.wily.hostagent.action.AbstractAction.handleError(AbstractAction.java:259)
          at com.sap.smd.wily.hostagent.action.GcScannerAction.scanInitial(GcScannerAction.java:391)
          at com.sap.smd.wily.hostagent.action.GcScannerAction.doRun(GcScannerAction.java:135)
          at com.sap.smd.wily.hostagent.action.AbstractAction.run(AbstractAction.java:52)
          at com.wily.EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:725)
          at java.lang.Thread.run(Thread.java:534)
  Caused by: java.io.FileNotFoundException: /usr/sap/FB7/J02/j2ee/../work/std_server3.out (No such file or directory)
          at java.io.RandomAccessFile.open(Native Method)
          at java.io.RandomAccessFile.<init>(RandomAccessFile.java:204)
          at com.sap.smd.wily.hostagent.action.GcScannerAction.scanInitial(GcScannerAction.java:372)
          ... 4 more
  Jul 15, 2008 10:35:15 AM [Thread[Thread-364,5,main]] Warning    com.sap.smd.wily.hostagent.action.AbstractAction - run(): Action SAP GC|FB7_J02_server2 not running because status is WAITING_FOR_DESTINATION
  Jul 15, 2008 10:35:15 AM [Thread[Thread-366,5,main]] Warning    com.sap.smd.wily.hostagent.action.AbstractAction - run(): Action SAP GC|FB7_J02_server1 not running because status is WAITING_FOR_DESTINATION
  ============================================================================