Error : Cannot fetch Agent errors in smps log

book

Article ID: 39387

calendar_today

Updated On:

Products

CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When running Web Agent and Policy Server, the Policy Server reports
error :

  Cannot fetch agent <agent-name> agent
  Cannot fetch agent rm68mlez4nymx/84ghafegu8szctihxhazdwm36bjoffghbqrkh2akoxdischjcq

and the request fails with error 500 in the browser. The Web Agent reports error

  Communication failure between SiteMinder policy server and web agent

for that transaction.

 

Cause

 

In general, cannot fetch agent means Policy Server is unable to locate
the Agent in the Policy Store. When a Web Agent intercepts the
request, it needs to pass the AgentName and Target Resource to the
Policy Server in order for it to check if the Resource is protected or
not. If the AgentName passed in is invalid due to some reason, then we
expect to see this error message.

Some of the common issue is end user has bookmarked the login page and
the AgentName, as encrypted, has changed after upgrade. Try to access
the protected resource directly without go thru bookmark and check if
that make any different.

If the issue is not due to bookmark and happen consistently, try to
check the Realm that having the problem and make sure the Agent
exist. Alternatively, you can try to recreate the Agent and assigned
it to realm and check if that helps.

If your agent name is encrypted, try setting the ACO :

  EncryptAgentName 

to "No", so that you can identify the agent causing this error (1).

 

Resolution

 

1. Try to access the protected resource directly without go thru
   bookmark and check if that make any different.

2. Check the realm that having the problem and make sure the agent
   exist.

3. Try to recreate the agent and assign it to the realm.