The default install of Red Hat Enterprise Linux 5 enables the iptables firewall, which restricts traffic on ports 44441-44443. This causes problems registering the WAM UI with Siteminder R12; with Siteminder R6 it becomes noticeable when trying to register web agents with the policy server.
As a temporary fix, disabling the iptables service:
/etc/init.d/iptables stop
will enable registration to proceed as normal.
The default install of Red Hat Enterprise Linux 5 enables the iptables firewall, which restricts traffic on ports 44441-44443.
In a default Siteminder R12 install, this will first cause a problem when trying to register the WAM UI with the policy server.
The entry in the WAM UI log is not very informative:
09:42:34,619 INFO [UIAgent] Bootstrap UIAgent is shutdown
09:42:34,636 ERROR [EventExecuteStateException] Execution of event: CreateUIConnectionEvent failed. Exception encountered: Agent API failure
09:42:34,637 ERROR [IMSEventController] Error during event execution [60dd2228-64dc45e0-00ff22ed-69cf726c] CreateUIConnectionEvent
09:42:34,809 WARN [eventlistener] EvtIMTaskEvent:d3dc62a4-bb78d9ed-4d80ad90-acf805d is invalid.
09:42:35,826 DEBUG [UIComponentTag] Entered encodeBegin for client-Id: headContents
And there are no entries in the policy server log.
A quick test using telnet to try to reach the policy server:
$ telnet policyserver 44443
will time out without making a connection, indicating that there is a problem establishing the connection.
There are a number of other issues that can occur during registration, but in this case it was the iptables firewall that was blocking connections on the standard Siteminder ports 44441-44443.
Disabling the iptables service temporarily on the policy server will then enable registration of the WAM UI to proceed.
But as indicated, there are other reasons that your WAM UI registration may not succeed; for instance, there is a timeout period for the registration credentials. If this does not fix your problem, you should look for other reasons the network connection cannot be made.
For a more permanent solution you will need to disable the iptables service for the normal runlevels of Linux, which can be done as follows:
$ chkconfig --level 345 iptables off
Alternatively, you can use the Red Hat GUI firewall configuration tool to allow connections to the policy server on ports 44441-44443.
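The same port-based alternative can be applied to the saved ruleset directly, which keeps the firewall running. The script below is an added example, not part of the original article: it assumes the RHEL 5 default chain name RH-Firewall-1-INPUT and a constructed agent subnet of 192.0.2.0/24, and inserts an ACCEPT rule for TCP ports 44441-44443 ahead of the chain's terminating REJECT.

```shell
#!/bin/sh
# Added example (not from the original article): open the Siteminder ports
# in an iptables-save style ruleset instead of switching the firewall off.
# Assumptions: chain RH-Firewall-1-INPUT (RHEL 5 default layout) and the
# agent subnet 192.0.2.0/24 (documentation range, constructed).
CHAIN="RH-Firewall-1-INPUT"
PORTS="44441:44443"

# add_siteminder_rule SRC_CIDR  <ruleset  >updated-ruleset
# Inserts one ACCEPT rule ahead of the first REJECT/DROP rule in the chain.
# Idempotent; exits 1 if the chain has no terminating rule to insert before.
add_siteminder_rule() {
    awk -v chain="$CHAIN" -v ports="$PORTS" -v src="$1" '
        BEGIN {
            rule = "-A " chain " -s " src " -m state --state NEW -m tcp -p tcp"
            rule = rule " --dport " ports " -j ACCEPT"
        }
        $0 == rule { present = 1 }    # rule already in place: change nothing
        !inserted && !present && $1 == "-A" && $2 == chain && /-j (REJECT|DROP)/ {
            print rule                # must precede the catch-all REJECT
            inserted = 1
        }
        { print }
        END { if (!inserted && !present) exit 1 }
    '
}

# Constructed sample in the layout of /etc/sysconfig/iptables.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_ruleset | add_siteminder_rule 192.0.2.0/24
```

On a policy server, feed it /etc/sysconfig/iptables, review the output before installing it, and reload with service iptables restart.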
Note: If iptables is enabled on a Siteminder R6 Policy Server, that will also cause problems, but for R6 the first problem encountered will be when trying to do a trusted host registration from the web agent to the policy server.