Article Number
000013440
Applies To
RSA Access Manager 4.8 Agent for IIS 6
Protocol Transition
Issue
AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error.
Response: 404 error during Protocol Transition
In viewing the ct_tokengen.log, it only shows startup information.
More importantly, the ctagent.log does not show the following lines:
<Info> - Domain name: SUPPORTLAB7
<Info> - WildCard map extension loaded
<Debug> - Got uri: /protected/ACL.html
<Debug> - Token request from header: AAAAAgABAFgl6WddpayRGWT0O7cKdeBB0VPomLa2BQ3W4YJHa0R23Uokyow2VC6ted4A/3P/Op6jPeAhYX+L/vTI7oVk53SOko9Iyc2acGD3Iyv1A7YPX9FywlHpQlw0
<Debug> - UPN: user1@supportlab7.com
<Debug> - Set custome user (AGENT_USER): user1
<Debug> - Cache missed, create new s4u token
<Debug> - Using DES-EDE cipher
<Debug> - Pipe Name :\\\\.\\pipe\\ctagent
<Debug> - Calling reader ...
<Debug> - reader buffer: 0000056c
<Debug> - Created token for user:user1@supportlab7.com
<Debug> - Impersonate handle: 56c
Cause
The lack of logging indicates that the Access Manager Wildcard map is not being called.
Resolution
Ensure IIS is configured to allow execution of the wildcard map. In the IIS management console, under"Web Service Extensions", ensure "Allow all unknown ISAPI extensions" is enabled, or setup a new extension to allow the ct_IIS60_agent.dll to run.
Notes
Also see the following related solutions:
"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition fails and the user gets a 401 unauthorized message
"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition reports error 404 for any pages with the wildcard map.
"AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error." AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error.
