Error SSO registration for APIM

Document ID : KB000126355
Last Modified Date : 07/02/2019
Issue:

When we try to register the gateway agent with the CA SSO Policy Server, we get the error "smreghost exited with nonzero status 141".

Registering with CA SSO produces the following error dialog box.

Error Dialog

Steps followed:  

Configure System Property for CA Single Sign-On

Before you start using CA Single Sign-On, configure the following system property first.
To configure the system property for CA Single Sign-On:

1. Open a privileged shell.
2. Locate and open the following file in a text editor:

/opt/SecureSpan/Gateway/node/default/etc/conf/system.properties

3. Add the following line:

org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE = true

4. Save and exit the file.
5. Restart the Gateway.

Environment:
Gateway 9.4
SSO Policy Server 12.51 SP1 FIPS mode (mode or version does not matter)
Cause:
The error dialog box is a generic failure message shown when communication with the policy server fails. In this particular case, port 44442 (the default for smreghost) was blocked.

The network conversation between the APIM Gateway (xxx.xxx.xxx.xxx) and the SSO Policy Server (yyy.yyy.yyy.yyy:44442) cannot be established on port 44442: the SYN is answered with an RST.

No.     Time                        Source                Source Port Destination           Destination Port Protocol Length Info
     34 2019/036 15:19:24.592370    xxx.xxx.xxx.xxx          58295       yyy.yyy.yyy.yyy          44442            TCP      66     58295 → 44442 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=512
     35 2019/036 15:19:24.592677    yyy.yyy.yyy.yyy          44442       xxx.xxx.xxx.xxx          58295            TCP      60     44442 → 58295 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
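
To confirm this cause before retrying registration, the following sketch probes the policy server ports from the Gateway host and separates a reset (as in the capture above) from a silent drop. It is an added example, not part of the original article or of CA tooling; the names `probe` and `probe_all`, the 3-second timeout and the port list (the two ports mentioned in this article) are assumptions.

```python
import socket
import sys

# Ports mentioned in this article (assumption: adjust to the ports your
# policy server actually listens on).
PORTS = (44441, 44442)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from this host to host:port.

    open     - the three-way handshake completed
    refused  - the SYN was answered with RST (the pattern in the capture)
    filtered - no answer within `timeout` (typical of a silent firewall drop)
    error    - anything else (no route, name resolution failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error: %s" % exc


def probe_all(host, ports=PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Usage: python3 probe_ports.py <policy-server-address>
    target = sys.argv[1]
    for port, state in probe_all(target).items():
        print("%s:%d %s" % (target, port, state))
```

A "refused" or "filtered" result for a port means registration through that port will fail until the firewall rule or the port setting is changed.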

 
Resolution:

When filling in the "CA Single Sign-On Registration Properties", you can explicitly specify the port number used by the policy server.

In this case only port 44441 was used - see below

SSO Port


NOTE: After registration is complete, you may need to change the following parameters:
server.0.0.accounting.port
server.0.0.authentication.port
server.0.0.authorization.port

Example:

host-config