SiteMinder : Access Gateway upgrade 12.9 not working and getting 504 gateway timeout error.
search cancel

SiteMinder : Access Gateway upgrade 12.9 not working and getting 504 gateway timeout error.

book

Article ID: 398652

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Access Gateway upgrade from R12.8.SP8 CR1 to R12.9 is not working and unable to access backend application getting 504 gateway timeout error. 

Environment

R12.9

OS RHEL 8.x

Cause

Observed the RNGD service is not running in customer's environment and When rngd service down, it could not establish the connection to the backend application. (httpclient.log) as below.

2025-05-18 07:52:55,782 DEBUG [org.apache.hc.client5.http.impl.classic.ConnectExec] ex-0000000001 acquiring connection with route {s}->[https://example.com:443]
2025-05-18 07:52:55,782 DEBUG [org.apache.hc.client5.http.impl.classic.InternalHttpClient] ex-0000000001 acquiring endpoint (300000 MILLISECONDS)
2025-05-18 07:52:55,783 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ex-0000000001 endpoint lease request (300000 MILLISECONDS) [route: {s}->[https://example.com:443]][total available: 0; route allocated: 0 of 420; total allocated: 0 of 2500]
2025-05-18 07:52:55,785 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ex-0000000001 endpoint leased [route: {s}->[https://example.com:443]][total available: 0; route allocated: 1 of 420; total allocated: 1 of 2500]
2025-05-18 07:52:55,795 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ex-0000000001 acquired ep-0000000001
2025-05-18 07:52:55,795 DEBUG [org.apache.hc.client5.http.impl.classic.InternalHttpClient] ex-0000000001 acquired endpoint ep-0000000001
2025-05-18 07:52:55,795 DEBUG [org.apache.hc.client5.http.impl.classic.ConnectExec] ex-0000000001 opening connection {s}->[https://example.com:443]
2025-05-18 07:52:55,795 DEBUG [org.apache.hc.client5.http.impl.classic.InternalHttpClient] ep-0000000001 connecting endpoint (null)
2025-05-18 07:52:55,795 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ep-0000000001 connecting endpoint to https://example.com:443 (300000 MILLISECONDS)
2025-05-18 07:52:55,796 DEBUG [org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator] example.com resolving remote address
2025-05-18 07:52:55,938 DEBUG [org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator] example.com resolved to [example.com/10.0.0.1, example.com/10.0.0.10]
2025-05-18 07:52:55,938 DEBUG [org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator] https://example.com:443 connecting null->example.com/10.0.0.1:443 (300000 MILLISECONDS)
2025-05-18 07:52:55,942 DEBUG [org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator] http-outgoing-0 https://example.com:443 connected /10.0.0.10:34084->example.com/10.0.0.1:443
2025-05-18 07:52:55,943 DEBUG [org.apache.hc.client5.http.impl.io.DefaultManagedHttpClientConnection] http-outgoing-0 set socket timeout to 180000 MILLISECONDS
2025-05-18 07:52:55,943 DEBUG [org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator] http-outgoing-0 https://example.com:443 upgrading to TLS
2025-05-18 07:52:55,966 DEBUG [org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy] Enabled protocols: [TLSv1.2]
2025-05-18 07:52:55,966 DEBUG [org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy] Enabled cipher suites: [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
2025-05-18 07:52:55,967 DEBUG [org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy] Starting handshake (null)
2025-05-18 07:52:59,342 DEBUG [org.apache.hc.client5.http.impl.classic.InternalHttpClient] ex-0000000002 preparing request execution
2025-05-18 07:52:59,342 DEBUG [org.apache.hc.client5.http.impl.classic.ProtocolExec] ex-0000000002 target auth state: UNCHALLENGED
2025-05-18 07:52:59,343 DEBUG [org.apache.hc.client5.http.impl.classic.ProtocolExec] ex-0000000002 proxy auth state: UNCHALLENGED
2025-05-18 07:52:59,343 DEBUG [org.apache.hc.client5.http.impl.classic.ConnectExec] ex-0000000002 acquiring connection with route {s}->[https://example.com:443]
2025-05-18 07:52:59,343 DEBUG [org.apache.hc.client5.http.impl.classic.InternalHttpClient] ex-0000000002 acquiring endpoint (300000 MILLISECONDS)
2025-05-18 07:52:59,343 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ex-0000000002 endpoint lease request (300000 MILLISECONDS) [route: {s}->[https://example.com:443]][total available: 0; route allocated: 1 of 420; total allocated: 1 of 2500]
2025-05-18 07:52:59,343 DEBUG [org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager] ex-0000000002 endpoint leased [route: {s}->[https://example.com:443]][total available: 0; route allocated: 2 of 420; total allocated: 2 of 2500]

Resolution

Start the RNGD service demon using root account on the Linux server using below command to start the services to resolve the issue for Access Gateway reaching the backend application servers.

service rngd start

 

Powered by Wolken Software