Can't get siteminder started (Legacy KB ID: 148221)

Document ID : KB000054645
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Restart the server since the system was not responding. Upon restart all of  web-agent protected application are returing the classic Server Error 500 message.


Solution:

Both auth, az log indicates:

[24/Mar/2004:10:42:44 -0500][1720-Server] Received connection request
[24/Mar/2004:10:42:44 -0500][1716-Server] New connection attempt from 10.160.9.10:41227
[24/Mar/2004:10:42:44 -0500][1716-E] Handshake error: Unknown client name 'nis_agent' in hello message
[24/Mar/2004:10:42:44 -0500][1716-E] Bad security handshake attempt. Handshake error: 3160
[24/Mar/2004:10:42:44 -0500][1716-E] Handshake error: Bad hostname in hello message
[24/Mar/2004:10:42:44 -0500][1716-E] Failed handshake with 10.160.9.10:41227
[24/Mar/2004:10:42:44 -0500][1716-I] Ending client session # 1 : nis_agent/10.160.9.10:41227

This error message was due to the fact that web agent sharedsecret is out of sync. Policy server can't recognize the shared secrect from webagent. Therefore, a secure TCP connection can't be established. You need to reset web agent shared secret. In the 4x agent, you need to re-enter the shared secrect. In the 5x agent you need to run smreghost to get trusted host re-registered. Here are the commands:

For W2K:
smreghost -i 172.26.16.53 -u jyang -p firewall -hn jyangwin.ca.com -hc "jyangwin-hostsettings" -f "C:\Program Files\CA\SiteMinder Web Agent\Config\smhost.conf"

For Solaris:
smreghost -i 172.26.16.54 -u jyang -p firewall -hn jyangsun.ca.com -hc "JYangsunHostSettings" -f "/export/home/smuser/CA/siteminder/qmr5/webagent/config/SmHost.conf"

You need to delete the trusted host already in the policy server if you want to use same name. Thanks.