000014966 - AXM- unable to login to Cleartrust agent  error: 'Cookie creation failed  authorization server returned an unexpected value CT_COOKIE_ERROR'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014966
Applies ToClearTrust 5.5.3
Win 2003 Server SP1
Cleartrust webagent 4.6 for IIS
IssueAXM-Unable to log in to Cleartrust agent, error: "Cookie creation failed, authorization server returned an unexpected value CT_COOKIE_ERROR"

The ct_agent.log in debug mode shows the following errors:

Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - get server from pool
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - id = 0 [10.10.10.5:5615], rc=1, d=531243
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - exception_type=TokenException, msg=(No Keys available)
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Warning> - Unable to create token. Authorization server returned: 15
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - Unable to create cookie
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - ct_coca_create_cookie returned: 7,902
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - Status is CT_COOKIE_ERROR
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - Status is: 194
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - URI: /securid/ct_logon.asp, User: testuser
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Debug> - Status is: 194
Jun 17, 2008 03:27:34 PM CDT - [3776] - <Error> - Cookie creation failed, authorization server returned unexpected value CT_COOKIE_ERROR

CauseThe errors indicates failure to access the KeyServer.sec or KeyClient.sec files on the server. The most common causes of this problem are incorrect permissions on either the $CTHOME/var directory or KeyServer/Client.sec, or the files themselves are corrupt. 
ResolutionIn this instance, the $CTHOME/var directory and its contents had incorrect permissions.  Opening permissions on both the $CTHOME/var directory and the KeyServer.sec and KeyClient.sec files to include user read permissions corrected the problem.
Legacy Article IDa40793

Attachments

    Outcomes