ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Error : ERP Agent Check Policy Server IP Address or FQDN - login failed

book

Article ID: 226143

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When running an ERP Agent on SAP, the Agent cannot handle request and
report error :

  #2.#2021 09 20 12:26:32:750#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD0041000000060001F83F
  #304935450000000004#sap.com/irj
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler.isValidConnection()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Return code from doManagement() is false#

  #2.#2021 09 20 12:26:32:752#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD0041000000080001F83F#304935450000000004
  #sap.com/irj
  #com.netegrity.siteminder.sap.webas.jaas.AgentConnectionHandler.isValidConnection()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Check Policy Server IP Address or FQDN#

  #2.#2021 09 20 12:26:32:754#+0200#Error
  #com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD00410000000A0001F83F#304935450000000004
  #sap.com/irj#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule.SSOlogin()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  Agent not connected#

  #2.#2021 09 20 12:26:32:756#+0200
  #Error#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule#
  ##ca.com~SiteMinderLoginModule#C0000A0B4AAD00410000000C0001F83F#304935450000000004
  #sap.com/irj#com.netegrity.siteminder.sap.webas.jaas.SiteMinderLoginModule.abort()
  #Guest#0##0E41B81919FA11EC9303506B8DF4C0A3#0e41b81919fa11ec9303506b8df4c0a3##0
  #Thread[HTTP Worker [@2047131059],5,Dedicated_Application_Thread]#Plain##
  login failed. Returning false#

 

Cause

 

No trace of Policy Server can be found from the network traces, which
means that the ERP Agent doesn't try reach the Policy Server.

The SAP Server report problem to access and execute code from the
CAPKIHOME :

std_server0.out

  --------------------------------------------------------------------------------
  stdout/stderr redirection
  --------------------------------------------------------------------------------
  node name : server0 host name : myHost system name : ONE system
  nr.  : 30 started at : Fri Oct 1 10:21:05 2021

  Please check atleast one of the following conditions are met.

  *) Set CAPKIHOME environment variable.

  *) Pass valid second parameter to etpki_lib_init function. Ex: if the second parameter is
  /a/b/c/[lib]cryptocme2.[dll][so][sl], it is assumed that /a/b/c has
all the required CAPKI shared libraries

This is a known issue on regular Web Agent when there's a lack of
configuration (1).

 

Environment

 

  - ERP Agent 12.51 on SAP 7.50 on RedHat 7;
     (ca-erp-webas-12.51-rhas30-x86-64.bin);

     smwebas.home = /myapp/siteminder/webagent/sapwebas/conf/

  - Policy Server 12.8SP4 on RedHat 7;
      JDK jdk8u265-b01;

 

Resolution

 

- Remove the JVM parameter :


  -DHostConfigFile=/myapp/siteminder/webasagent/sapwebas/conf/SmHost.conf

 

- Set the CAPKIHOME variable in ONE_SERVER1 :


  SETENV_XX = CAPKIHOME=/myapp/siteminder/webasagent/sapwebas/CAPKI

 

Additional Information

 

(1)

    Error : Set CAPKIHOME environment variable on Web Agent Apache

      So you need to ensure that the script or service you run to start
      Apache has the environment variable CAPKIHOME set, and all the
      environment variable of the ca_wa_env.sh script set too.

    https://knowledge.broadcom.com/external/article?articleId=121289