000014803 - AxM - RSA Access Manager IIS agent is crashing the SharePoint Server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014803
Applies ToRSA Access Manager 4.7 Agent for IIS 6
Microsoft SharePoint Server
IssueAxM - ClearTrust is crashing the SharePoint Server
SharePoint server integrated with  Clear Trust is crashing the SharePoint Server shortly after user logs in. Protocol Transition was successful.

Scenario #1
Microsoft event log showed errors with DCOM processing with CLSID {61738644-F196-11D0-9953-00C04FD919C1} and the Application Pool for that SharePoint installation suffering a fatal error.

A process serving application pool 'SharePoint - port number' suffered a fatal communication error with the World Wide Web Publishing Service.
 
"The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool."

The application pool security account was set to "NETWORK SERVICE". The specified error occurring because the NETWORK SERVICE does not have Local Activation Access to IIS WAMREG admin Service DCOM.


Scenario #2
ADPLUS -iis -crash  dump analysis showed with preproc_auth_enabled True  in webagent.conf  that IIS crashed on RSA agent setting a temp value of the string "1" to the auth header
ResolutionFix#1 Change the security account or change the permissions.  Chang TO "Local System" (the default account) worked. This security permissions FOR network service can be modified using the Component Services administrative tool.

Fix #2 In the agent webagent.conf file, set the following to False

cleartrust.agent.iis.preproc_auth_enabled=FALSE

Legacy Article IDa47274

Attachments

    Outcomes