search cancel

Error: ERP Agent Check Policy Server IP Address or FQDN - login failed

book

Article ID: 226143

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When running an ERP Agent on SAP, the Agent cannot handle requests and report errors:

  #2.#2021 09 20 12:26:32:750#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD0041000000060001F83F
  #304935450000000004#sap.com/irj
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler.isValidConnection()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Return code from doManagement() is false#

  #2.#2021 09 20 12:26:32:752#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD0041000000080001F83F#304935450000000004
  #sap.com/irj
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler.isValidConnection()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Check Policy Server IP Address or FQDN#

  #2.#2021 09 20 12:26:32:754#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD00410000000A0001F83F#304935450000000004
  #sap.com/irj#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule.SSOlogin()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Agent not connected#

  #2.#2021 09 20 12:26:32:756#+0200
  #Error#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD00410000000C0001F83F#304935450000000004
  #sap.com/irj#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule.abort()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  login failed. Returning false#

Cause

 

No trace of the Policy Server can be found from the network traces, which means that the ERP Agent doesn't try to reach the Policy Server.

The SAP Server report problem to access and execute code from the CAPKIHOME:

std_server0.out

  --------------------------------------------------------------------------------
  stdout/stderr redirection
  --------------------------------------------------------------------------------
  node name : server0 host name : myHost system name : ONE system
  nr.  : 30 started at : Fri Oct 1 10:21:05 2021

  Please check atleast one of the following conditions are met.

  *) Set CAPKIHOME environment variable.

  *) Pass valid second parameter to etpki_lib_init function. Ex: if the second parameter is
     /a/b/c/[lib]cryptocme2.[dll][so][sl], it is assumed that /a/b/c has
     all the required CAPKI shared libraries

This is a known issue on regular Web Agent when there's a lack of configuration (1).

 

Environment

 

  - ERP Agent 12.51 on SAP 7.50 on RedHat 7;
     (ca-erp-webas-12.51-rhas30-x86-64.bin);

     smwebas.home = /myapp/siteminder/webagent/sapwebas/conf/

  - Policy Server 12.8SP4 on RedHat 7;
      JDK jdk8u265-b01;

 

Resolution

 

- Remove the JVM parameter:

  -DHostConfigFile=/myapp/siteminder/webasagent/sapwebas/conf/SmHost.conf
 

- Set the CAPKIHOME variable in ONE_SERVER1:
 

  SETENV_XX = CAPKIHOME=/myapp/siteminder/webasagent/sapwebas/CAPKI

 

Additional Information

 

(1)

    Error: Set CAPKIHOME environment variable on Web Agent Apache

      So you need to ensure that the script or service you run to start
      Apache has the environment variable CAPKIHOME set, and all the
      environment variable of the ca_wa_env.sh script set too.