Admin UI cannot change a certain ACO object, with error "Connection reset by peer"

Article ID: 133050


Products

SITEMINDER CA Security Command Center

Issue/Introduction

The customer reports that the Admin UI cannot make changes to a certain ACO object. The description can be changed, but editing the ACO parameter BadCSSChars produces an error during POST submit.

The web browser shows a blank page. All kinds of browsers were tried (Firefox, IE and Chrome).

The error on IE is: Error Code: INET_E_DOWNLOAD_FAILURE

Admin UI server.log:

2019-05-18 02:15:18,868 ERROR [io.undertow.request] (default task-52) UT005023: Exception handling request to /iam/siteminder/console/ui7/index.jsp: java.lang.RuntimeException: java.io.IOException: Connection reset by peer
Caused by: java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method) [rt.jar:1.8.0_202]
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) [rt.jar:1.8.0_202]
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) [rt.jar:1.8.0_202]
    at sun.nio.ch.IOUtil.read(IOUtil.java:192) [rt.jar:1.8.0_202]
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) [rt.jar:1.8.0_202]
    at org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
    at org.xnio.conduits.AbstractStreamSourceConduit.read(AbstractStreamSourceConduit.java:51)
    at io.undertow.conduits.ReadDataStreamSourceConduit.read(ReadDataStreamSourceConduit.java:67) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.conduits.FixedLengthStreamSourceConduit.read(FixedLengthStreamSourceConduit.java:234) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
    at io.undertow.channels.DetachableStreamSourceChannel.read(DetachableStreamSourceChannel.java:207) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.HttpServerExchange$ReadDispatchChannel.read(HttpServerExchange.java:2083) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:133) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:251) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:752) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    ... 38 more

With full trace turned on, the request did not even reach the Policy Server.


Environment

Release: 12.8sp2

Component: Admin UI

OS: Any

Cause

The customer has recently implemented anti-virus software.

The anti-virus software is configured to filter any request on port 8080, which the Admin UI uses.

This breaks the connection, either due to size or security protocol.

Resolution

The customer changed the anti-virus software configuration.
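
An added triage example (not part of the original article or of the product's tooling): it scans an Admin UI server.log for UT005023 "Connection reset by peer" events and flags those whose trace shows Undertow was still reading the form body, as in the excerpt above, which points at something between the browser and port 8080 cutting the POST. The sample log is constructed and the function names are this example's own.

```python
import re

# Constructed sample: first record abridged from the server.log excerpt above,
# the other two records are made up for contrast.
SAMPLE_LOG = """\
2019-05-18 02:15:18,868 ERROR [io.undertow.request] (default task-52) UT005023: Exception handling request to /iam/siteminder/console/ui7/index.jsp: java.lang.RuntimeException: java.io.IOException: Connection reset by peer
Caused by: java.io.IOException: Connection reset by peer
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) [rt.jar:1.8.0_202]
    at io.undertow.conduits.FixedLengthStreamSourceConduit.read(FixedLengthStreamSourceConduit.java:234)
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:133)
2019-05-18 02:16:02,101 INFO  [example.constructed] (default task-7) unrelated constructed line
2019-05-18 02:17:40,555 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /constructed/other.jsp: java.lang.NullPointerException
    at example.Constructed.render(Constructed.java:1)
"""

# Header of a log record: timestamp, level, [logger], (thread), message.
RECORD = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>[A-Z]+) +"
                    r"\[(?P<logger>[^\]]+)\] \((?P<thread>[^)]+)\) (?P<msg>.*)$")
UT005023 = re.compile(r"UT005023: Exception handling request to (?P<path>\S+?):")
# Frames that mean Undertow was still reading the POST body from the socket.
BODY_READ_FRAMES = ("FormEncodedDataParser", "FixedLengthStreamSourceConduit")

def split_records(text):
    """Group lines into records: a header line plus its stack-trace lines."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({**m.groupdict(), "trace": []})
        elif records and line.strip():
            records[-1]["trace"].append(line.strip())
    return records

def find_resets(text):
    """Return UT005023 'Connection reset by peer' events, flagging body-read resets."""
    hits = []
    for rec in split_records(text):
        m = UT005023.search(rec["msg"])
        blob = "\n".join([rec["msg"], *rec["trace"]])
        if m and "Connection reset by peer" in blob:
            hits.append({"ts": rec["ts"], "thread": rec["thread"], "path": m.group("path"),
                         "during_body_read": any(f in blob for f in BODY_READ_FRAMES)})
    return hits

if __name__ == "__main__":
    for hit in find_resets(SAMPLE_LOG):
        where = "while reading the POST body" if hit["during_body_read"] else "outside body read"
        print(f'{hit["ts"]} {hit["path"]} ({hit["thread"]}): reset {where}')
```

Events flagged as body-read resets with no matching entry in the Policy Server trace fit the pattern described in this article.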

Additional Information

When this problem occurs, the customer may attempt to make the ACO change via XPSExplorer, only to find out that the ACO parameter cannot be changed via XPSExplorer. ACO parameters are properties of a domain object (links), not the main domain objects category.

Even if you are in write mode, there are too many property values to modify/enter on the command line, and they all belong to a single attribute.

It is impossible to do so without introducing more errors from XPSExplorer.

The workaround is to use JXplorer to connect to the policy store directly.

Next, search for the object smPropertySectionOID5=21-xxxx-xxx-... , which is the object ID of the particular ACO parameter you would like to modify.

Once the object is found, edit it in JXplorer and hit submit.

This workaround does not take care of the Policy Server cache; the change becomes effective only after recycling the Policy Server and the Admin UI.