Unable to Load SiteMinder Host Configuration Object on Windows
Article ID: 4334
Updated On:
Products
Issue/Introduction
The Siteminder Web Agent fails to start. The following error is printed in the Windows Application Event Viewer.
Description:
Unable to load SiteMinder host configuration object or host configuration file.
<Install_Dir>\webagent\config\SmHost.conf
In the Siteminder Policy Server logs (smps.log) the following information messages are printed:
Bad security handshake attempt. Handshake error: 3154
Handshake error: Shared secret incorrect for this client
Failed handshake with ::<IP_ADDRESS>
NOTE: The IP address noted in the SMPS Log is the IP address of the Siteminder Agent Web Server.
Environment
PRODUCT: Symantec Siteminder
COMPONENT: Web Agent for IIS
VERSION: Any
OPERATING SYSTEM: Windows Server
Cause
The Siteminder policy server is rejecting the shared secret sent by the web agent. The web agent is pulling the shared secret from the 'smhost.conf' file. The policy server is storing the same shared secret as an encrypted value in the web agent's Trusted Host Object in the Policy Store. This could be occurring for a number of reasons, including but not exclusively:
- Shared secret incorrect
- Policy Server is failing to decrypt the shared secret
Resolution
Re-register the web agent with the Policy Server.
OPTION #1: Run the Siteminder Web Agent Configuration Wizard
OPTION #2: Use The 'smreghost' Command Line Utility.
1) Logon to the Siteminder Policy Server
2) Launch 'cmd.exe' with elevated privileges (Run As Administrator)
3) Run the following command:
smreghost -i <policy_server_IP_address>:<port> -u <administrator_username> -p <administrator_password> -hn <trusted_host_name> -hc <host_configuration_object>
4) Stop and start the IIS Web Server
Additional Information
Feedback
