search cancel

Error : Cannot fetch Agent errors in smps log

book

Article ID: 39387

calendar_today

Updated On:

Products

CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When running Web Agent and Policy Server, the Policy Server reports an error:

  Cannot fetch agent <agent-name> agent
  Cannot fetch agent rm68mlez4nymx/84ghafegu8szctihxhazdwm36bjoffghbqrkh2akoxdischjcq
  [ERROR][sm-IsAuthorized-00220] Bad sxxx/rxxx request detected: error 'Cannot fetch agent xxxx'
  

and the request fails with error 500 in the browser. The Web Agent reports an error

  Communication failure between SiteMinder policy server and web agent

for that transaction.

 

Cause

 

In general, cannot fetch an agent means Policy Server is unable to locate the Agent in the Policy Store. When a Web Agent intercepts the request, it needs to pass the AgentName and Target Resource to the Policy Server for it to check if the Resource is protected or not. If the AgentName passed in is invalid due to some reason, then we expect to see this error message.

Some of the common issues are that the end-user has bookmarked the login page and the AgentName, as encrypted, has changed after the upgrade. Try to access the protected resource directly without going thru the bookmark and check if that makes any difference.

If the issue is not due to a bookmark and happens consistently, try to check the Realm that has the problem and make sure the Agent exists. Alternatively, you can try to recreate the Agent and assign it to the realm and check if that helps.

If the agent name is encrypted, try setting the ACO parameter:

  EncryptAgentName 

to "No", so that the agent causing this error can be identified (1).

 

Resolution

 

  1. Try to access the protected resource directly without going thru the bookmark and check if that makes any difference.
  2. Check the realm that has the problem and make sure the agent exists.
  3. Try to recreate the agent and assign it to the realm.

 

Additional Information

 

(1)

    Encrypt the Agent Name