000013559 - AXM - Access Manager 4.8 agent - Getting 403 error  no agent log generated

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013559
Applies ToAccess Manager Web Agent IIS V4.8 Agent
Microsoft Internet Information Server (IIS) 6.0
IssueAXM - Access Manager 4.8 agent - Getting 403 error, no agent log generated
Installed the agent -  getting a 403 error code every time  the web server is hit;  there are no agent log files being generated. 
Cause

Running DBWIN32  shows the following after an iisreset and server is hit:

2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Unable to complete initialization
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Detected invalid or missing configuration parameter(s):
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> -
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Property:
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - cleartrust.agent.trusted_proxy_list=
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Description:
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Specifies the list of hosts to be identified as trusted proxies.
If cookie_ip_check is enabled, requests are from one of these hosts, and they
contain a header as specified in trusted_proxy_header_name, this header IP
will be set in the cookie when the client authenticates. The proxies are
'trusted' in the sense that if there was no list to check against, any client
could spoof the header with any IP and it would be accepted as the client IP
by the Agent. Each
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Invalid or missing value configured for the above property
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - The value for this parameter is a comma-separated list of valid
IP addresses. Example: '192.168.1.1,10.0.0.2'
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Trusted domain list is empty.
2244: 2008-06-13 14:58:38 -0400 - [3420] - <Config> - Please fix the above problem(s) and restart the web server
2244: Configuration Error
2244: Configuration error, deny user access

ResolutionIn the webagent.conf, Ip check is true and cleartrust.agent.trusted_proxy_header_name=x-forwarded-for is set. The agent with trusted prioxy header name set expected a cleartrust.agent.trusted_proxy_list to be set. Removed "x-forwarded-for" from header name and agent loaded.
Legacy Article IDa40706

Attachments

    Outcomes