siteminder IIS web agent failed to work with extra long url request
search cancel

siteminder IIS web agent failed to work with extra long url request

book

Article ID: 199643

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Web Agent and we observe that IIS w3wp.exe process
crashes when request URL is larger than 7k in length.

We've configured ACO MaxUrlSize configuration increase to a value to
suit the URL length. This has no effect in this use case.  Without Web
Agent installed, same URL request goes through fine.

We have multiple sites under IIS. The site is working without Web
Agent. Once Web Agent is installed to protect one of the sites, the
other site broke when large URL is sent. Windows Event viewer shows
only faulty "msvcrt.dll" message. Since the Web Agent is not enabled
for this site, there is no Web Agent log nor traces generated.

APPCRASH

Not available
  0
  w3wp.exe
  10.0.14393.0
  57899b8a
  msvcrt.dll
  7.0.14393.2457
  5b7e2c5bc00000050000000000073f5a

  \\?\C:\Windows\Temp\WER80ED.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER813C.tmp.WERInternalMetadata.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\memory.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\triagedump.dmp
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a
  0
  f962877f-4365-4819-bd7b-857169388733
  4

How can we fix this ?

 

Environment

 

  Web Agent 12.52SP1CR10 on IIS 8.5 on Windows 2012R2;

 

Cause

 

This is a defect with a Web Agent library.

IIS default limits of the url is at 4k, if not modified, request will
be blocked with message "Request filtering is configured on the web
server to deny the request because the query string is too long", and
HTTP error 404.  However, this can be modified to 20k via IIS Request
filtering configuration.

By following 3rd party link:

  How do I increase the maxUrlLength property in the config in asp.net MVC 3?
  https://stackoverflow.com/questions/8245843/how-do-i-increase-the-maxurllength-property-in-the-config-in-asp-net-mvc-3

Once IIS configuration is changed, request will be stopped by agent,
and the result is w3wp.exe crashing.

For failed test cases, IIS u-log doesn't record the request,
FailedReqLogFiles is also empty. So Windows process dump must be
collected for failed use case.
 
Dump can be enabled by following the step below:

  Steps to Catch a Simple “Crash Dump” of a Crashing Process
  https://docs.microsoft.com/en-gb/archive/blogs/chaun/steps-to-catch-a-simple-crash-dump-of-a-crashing-process

 

Resolution

 

Upgrade to Web Agent 12.52SP1CR11 :

  SSO WEBAGENT R12.52 SP01 CR11 [#2820]
  https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS15420&os=ANY

The fix is available in it :

  Defects Fixed in 12.52 SP1 CR11

    01353610, 32173134, 32219451 DE416050, DE477735, DE474907 Web
    Agent on IIS 10 application pool crashes if the request URL
    contains more than 6000 characters.

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/release-notes/cumulative-releases/Defects-Fixed-in-12_52-SP1-CR11.html