You can troubleshoot the Federation Manager Windows Agent by referring to the log file, IWAConnectorConfig.conf, located in the federation_mgr_root\connectors\IWA\config folder. The log file can contain any of the following messages:
Symptom:
Config file not found.
Solution:
Make sure that the IWAConnectorConfig.conf file is present in the federation_mgr_root\connectors\IWA\config folder.
Symptom:
Invalid authtype specified.
Solution:
Make sure the authentication type is specified as NTLM or Kerberos. Re-run the configuration wizard if necessary. Do not manually edit the configuration file to change this value.
Symptom:
NTLM is not supported on non-Windows platform.
Solution:
Re-run the configuration wizard and specify Kerberos as the authentication type. Do not manually edit the configuration file to change this value.
Symptom:
Password should be encrypted using the IWAEncryptPassword utility.
Solution:
Re-run the configuration wizard and enter the password. Do not manually edit the configuration file to change this value.
Symptom:
AuthType cannot be blank.
Solution:
Re-run the configuration wizard and select an authentication type. Do not manually edit the configuration file to change this value.
Symptom:
Encryption key cannot be blank.
Solution:
Re-run the configuration wizard and select an encryption key. Do not manually edit the configuration file to change this value.
Symptom:
Invalid Encryption Transform specified.
Solution:
Re-run the configuration wizard and specify another encryption transformation. Do not manually edit the configuration file to change this value.
Symptom:
Invalid HMAC value specified. Only true or false can be specified.
Solution:
Re-run the configuration wizard and select true or false for whether to enable HMAC. Do not manually edit the configuration file to change this value.
Symptom:
Kerberos configuration is invalid.
Solution:
Make sure the following parameters are specified correctly:
Re-run the configuration wizard if necessary. Do not manually edit the configuration file to change any of these values.
Symptom:
Context expiration interval cannot be less than 1 minute.
Solution:
Re-run the configuration wizard and specify a context expiration interval of longer than 1 minute. Do not manually edit the configuration file to change this value.
Symptom:
Invalid configuration. Server not initialized.
Solution:
Make sure the following values are specified correctly:
Re-run the configuration wizard if necessary. Do not manually edit the configuration file to change any of these values.
Symptom:
Aborting request as it is initiated with an IP address.
Solution:
Make sure that the SSO request is always initiated with a fully qualified domain name.
Symptom:
Kerberos initialization failed, please check the configuration parameters.
Solution:
Make sure the following values are specified correctly:
Re-run the configuration wizard if necessary. Do not manually edit the configuration file to change any of these values.
Symptom:
No cookie found; it is either expired or deleted.
Solution:
This message appears when the browser is configured incorrectly. Make sure that the browser configuration is complete for NTLM and that cookies are not disabled.
Symptom:
NTLM credentials cookie is not found.
Solution:
This message appears when the browser is configured incorrectly. Make sure that the browser configuration is complete for NTLM and that cookies are not disabled.
Symptom:
User domain or workstation information not found.
Solution:
This message appears when the domain name or the workstation name was not found in the NTLM type 3 message. Make sure that this message has not been altered.
Symptom:
User has not entered the domain information.
Solution:
Make sure the browser configuration for NTLM authentication is complete. If you are using prompt-based authentication, make sure that the domain name is provided with the user name.
Symptom:
Authentication failed when attempting auth for principal SPN_Name to the KDC KDC_address, using keys in the Keytab keytab_path.
Solution:
Make sure that the following parameters are correct:
Symptom:
User Name not found; ensure that your browser is on a machine other than the Federation Manager server.
Solution:
Make sure that the SSO request is always made from a system other than the Federation Manager server at the asserting party.
Copyright © 2011 CA. All rights reserved.