In the Web Agent traces, messages like these can be seen :
[04/25/2018][14:09:29.310][24624][9836][000000000000000000000000132d2899-6030-5ae0c459-266c-010e7ce3]
[IsResourceProtected][Communication failure between SiteMinder policy server and web agent.]
But Users report no problems.
- Check if there is any network interruption causing this;
- Check if the Policy Server is shutdown or restarted:
- If the WebAgent's SmHost.conf and HCO is pointing to a single Policy
Server then you would be experiencing an outage at this point;
- If there are multiple Policy Servers defined then users may not see
any error as Loadbalance/Failover takes care of agent
requests. However you will find these errors in the log during
failover (1)(2)(3);
- Check if all custom authentications are loading properly. (When
there is a request for custom authentication and if it does not load
properly then you can get this error as well);
- Check if the Policy Server has problem to execute Active Expression
and retrieve data, which can lead to a timeout. To illustrate in the
trace log there were three separate ~20 second delays all within
CSmActiveExpr::GetActiveValue function calls for the delayed
transactions resulting in :
LogMessage:ERROR:[sm-Server-02740] Failed to retreive the value.
There were 3 active expressions. Removed them and authentication
went through very fast.
If it is not the above, it can be due to a bad request.
In case if someone is forging a request passing invalid query
parameters such as agentname to the login.fcc, so when the Agent
sends this data to the Policy Server, the Policy Server may find this
request to be invalid and results in this error being logged (4).
(1)
Error 500 : Web Agent Failing to Connect to Policy Server
- Configure the Load Balancer able to handle properly the connections
from the Web Agent to the Policy Servers;
https://knowledge.broadcom.com/external/article?articleId=195517
(2)
Error : Agent Api function failed with Web Agent and Load Balancer
- To solve this issue, the idle timeout configured on the Policy
Server should be less than the session timeout configure for any
device between Policy Server and Web Agent (Load Balancer or
Firewall) (1).
https://knowledge.broadcom.com/external/article?articleId=38141
(3)
Error : Web Agent reports Failover from cluster [0] to cluster [1]
- Investigate network, load balancer and firewall and make sure that
there's no timeout on the TCP Protocol. If there's one, make sure
that the TCP Protocol timeout is big enough.
- On the Web Agent and Policy Server, enable the environment variable
SM_ENABLE_TCP_KEEPALIVE to insure that both component won't try to
use a connection that has been terminated on the firewall or
loadbalancer :
SM_ENABLE_TCP_KEEPALIVE (1)
https://knowledge.broadcom.com/external/article?articleId=141422
(4)
Error : Cannot fetch Agent errors in smps log
When running Web Agent and Policy Server, the Policy Server reports
error :
Cannot fetch agent <agent-name> agent
Cannot fetch agent rm68mlez4nymx/84ghafegu8szctihxhazdwm36bjoffghbqrkh2akoxdischjcq
and the request fails with error 500 in the browser. The Web Agent reports error
Communication failure between SiteMinder policy server and web agent
for that transaction.
https://knowledge.broadcom.com/external/article?articleId=39387