CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
Issue/Introduction
Policy Server and AdminUI are installed on Windows 2012 R2, and has been working well.
After rebooting the computer, AdminUI login failed: "Error: Unable to Process Logins. Please contact your administrator".
AdminUI server.log showed:
ERROR [ims.llsdk.directory.jndi] (default task-10) Search failed with filter (&(uid=siteminder)(&(objectclass=person)(objectclass=organizationalperson)(objectclass=inetorgperson)(objectclass=smAdministrator))) ERROR [im.AuthenticationModule] (default task-10) Failed to disambiguate user siteminder. Error Message: javax.naming.NamingException: An unknown error occurred while attempting to locate the necessary CA Single Sign-On policy data. [Root exception is com.ca.siteminder.directory.AdminPartitionException: An unknown error occurred while attempting to locate the necessary CA Single Sign-On policy data.
Environment
Policy Server: 12.8.x
Cause
As a result of log analysis, AdminUI (WAMUI) started up before Policy Server.
(1) smps.log - Policy Server startup message [3860/3864][Fri Mar 30 2018 13:57:31][CServer.cpp:5970][INFO][sm-Server-02080] SiteMinder Policy Server is ready on ...
(2) server.log - AdminUI startup message 2018-03-30 13:57:26,433 WARN [com.ca.siteminder.directory.AdminPartition] (MSC service thread 1-1) Admin directory initialization failed to contact the Policy Server; will retry later ... 2018-03-30 13:57:26,448 WARN [ims.default] (MSC service thread 1-1) # CA Single Sign-On 12.52.0201.6565 ...
This is a communication problem between the Policy Server and the AdminUI as you may see a failure to contact the Policy Server in server.log.
Resolution
Affter Policy Server startup completes, start AdminUI.
Another option is to change the service AdminUI (WAMUI) from "Autostart" to "Autostart (Delayed)" so that AdminUI will start up after Policy Server.