Layer7 API Gateway: smreghost exited with nonzero status

book

Article ID: 126355

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

When we try to register gateway agent to CA SSO Policy Server we get an error "smreghost exited with nonzero status 141"

Registering with CA SSO is throwing the following error dialog box.

 

Steps followed:  

Configure System Property for CA Single Sign-On

Before you start using CA Single Sign-On, configure the following system property first.
To configure the system property for CA Single Sign-On:

1. Open a privileged shell.
2. Locate and open the following file in a text editor:

/opt/SecureSpan/Gateway/node/default/etc/conf/system.properties

3. Add the following line:

org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE = true

4. Save and exit the file.
5. Restart the Gateway.

Cause

The error dialog box is a generic failure message when communicating to the policy server in this particular case port 44442 (Default for smreghost) was blocked 

The network conversation between the APIM GW IP:xxx.xxx.xxx.xxx:44442 to SSO Policy server yyy.yyy.yyy.yyy:44442 - is not able to be established on port 44442
RST 

No.     Time                        Source                Source Port Destination           Destination Port Protocol Length Info
     34 2019/036 15:19:24.592370    xxx.xxx.xxx.xxx          58295       yyy.yyy.yyy.yyy          44442            TCP      66     58295 → 44442 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=512
     35 2019/036 15:19:24.592677    yyy.yyy.yyy.yyy          44442       xxx.xxx.xxx.xxx          58295            TCP      60     44442 → 58295 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

 

Environment

Gateway 9.4
SSO Policy Server 12.51 Sp1 FIPS mod (mode or version does not matter)

Resolution

When registering the "CA Single Sign-On Registration Properties"  you can explicitly specify the port number used by the policy server 

In this case only port 44441 was used - see below

 

 


NOTE after registration complete you may need to make changes to the following parameters 
server.0.0.accounting.port
server.0.0.authentication.port
server.0.0.authorization.port

example 

 



 

Attachments

1558690430614000126355_sktwi1f5rjvs16g9x.png get_app
1558690428882000126355_sktwi1f5rjvs16g9w.png get_app
1558690425614000126355_sktwi1f5rjvs16g9v.png get_app