Question:
Why is it that after installing and configuring the webagent on win64 IIS7.5 Windows server 2008 R2, we are able to access protected resources without being challenged?
Environment:
Web Server Version: IIS 7.x
Web Server OS & Bit version: windows 2008 R2
SiteMinder Web Agent Version:Answer: 12.0 SP3.x/12.52.x
Answer:
If the "Enable 32-Bit applications" option in the Advanced settings of the application pool you are using is set to "True", Siteminder webagent will be pulling the settings in the 32bit webagent.conf file.
Please do the following:
X:\Program Files\CA\webagent\win32\bin\IIS\webagent.conf
EnableWebAgent="YES" should be set in the webagent.conf file in the above path
X:\Program Files\CA\webagent\win32\log\
Logfile: Yes
LogFileName32 : X:\Program Files\CA\webagent\win32\log\wa.log
TraceFile: Yes
TraceFileName32 : X:\Program Files\CA\webagent\win32\log\watrace.log
LogFileName32
Specifies the full path of a log file for a CA Single Sign-On Web Agent for IIS (on 64-bit Windows operating environments protecting 32-bit applications). The 32-bit applications run in Wow64 mode on the 64-bit Windows operating environment. If logging is enabled but this parameter is not set, the Web Agent for IIS appends _32 to the log file name.
Default: No
Limits: For Windows 64-bit operating environments only. Specify the file name at the end of the path.
Example: (Windows 64-bit operating environments using Wow64 mode) web_agent_home\log\WebAgent32.log.
https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/logging-and-tracing/error-logs-and-trace-logs#ErrorLogsandTraceLogs-SetUpandEnableErrorLogging
TraceFileName32
Specifies the full path to the trace file for the CA Single Sign-On Agent for IIS is running on a 64-bit Windows operating environment and protecting 32-bit applications. Set this parameter if you have a CA Single Sign-On Agent for IIS installed on a 64-bit Windows operating environment and protecting a 32-bit Windows application. The 32-bit applications run in Wow64 mode on the 64-bit Windows operating environment. If trace logging is enabled but this parameter is not set, the Web Agent for IIS appends _32 to the file name.
Default: No default.
Limits: For Windows 64-bit operating environments only. Specify the trace file name at the end of the path.
Example: (Windows 64-bit operating environments using Wow64 mode) web_agent_home\log\WebAgentTrace32.log.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/configuring/web-agent-configuration/logging-and-tracing/how-to-set-up-trace-logging.html
Additional Information:
You may receive warning "Unable to initialize tracing error" if the 32 bit webagent logging is not configured correctly as per below:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/troubleshooting/troubleshooting-agent-configuration.html