Server Side (SmTransact) Errors

All of these errors indicate a problem on the Policy Server.

INPUT_TOO_SMALL (1)

This error occurs when attempting to communicate with SmTransact without using SmPortal. It should never occur under normal circumstances.

NO_SERVICE (2)

This error occurs when attempting to communicate with SmTransact without using SmPortal. It should never occur under normal circumstances.

NOT_INSTALLED (3)

The service is not installed on the Policy Server.

BUFFER_VIOLATION (4)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

APPLICATION (5)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

BAD_SERVICE (6)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

LIB_PROBLEM (7)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

OUTPUT (8)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

NOBUFFER (9)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

CHUNKING (10)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

LIB_INIT (11)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

LENGTH_MISMATCH (12)

This indicates a programming error in the service provider. Contact your service provider developer for resolution.

VERSION (13)

Indicates that the version of SmPortal.dll and the version of SmTransact.dll do not match. You will need to upgrade one or the other.

SiteMinder Authentication Log

SmTransact keeps logs of virtually all of its activities. Most operational activity and errors are logged in the SiteMinder Policy Server console log (by default, in the Authentication Service log).

If trace and debug logging are enabled for a service, the messages are also placed into the SiteMinder console log.

New passwords chosen by users are always rejected

The password policy may be too strict or improperly configured. Review your password policy defined in APS.CFG. Check the Content Minimums options for consistency: if the sum of Letters plus Digits, for example, is greater than Maximum Password Length, no password could meet the criteria and all passwords will be rejected. Use the APSTestSettings utility to determine the settings in effect for the user having the problem.

Also check the SiteMinder Authentication Service Console Log. APS almost always logs more information about a password content rejection to the log than it displays to the user. For example, if the password is rejected because it matches all or part of the user's profile, the actual attribute that matched is logged to the console log.
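The Content Minimums consistency check described above can be automated before a policy change is deployed. The following is an added example, not code from APS or CA; the dictionary keys are hypothetical stand-ins rather than APS.CFG setting names, and the check goes beyond the Letters plus Digits case by also accounting for uppercase, lowercase and punctuation minimums.

```python
# Added example: key names are hypothetical stand-ins, not APS.CFG setting
# names. Fill the dict with the effective values reported for the user.

def min_required_length(policy):
    """Shortest password that can satisfy every content minimum."""
    # Uppercase and lowercase characters also count as letters, so the
    # letter requirement is the larger of the two ways of stating it.
    letters = max(policy.get("min_letters", 0),
                  policy.get("min_upper", 0) + policy.get("min_lower", 0))
    # Letters, digits and punctuation are disjoint classes: minimums add up.
    return (letters + policy.get("min_digits", 0)
            + policy.get("min_punctuation", 0))


def check_policy(policy):
    """Return a list of conflicts; an empty list means satisfiable."""
    bad = [f"{k}: expected a non-negative integer, got {v!r}"
           for k, v in policy.items()
           if not isinstance(v, int) or v < 0]
    if bad:
        return bad
    problems = []
    max_len = policy.get("max_length")  # absent = no upper limit (assumption)
    min_len = policy.get("min_length", 0)
    needed = min_required_length(policy)
    if max_len is not None and needed > max_len:
        problems.append(f"content minimums need {needed} characters but "
                        f"max_length is {max_len}: every password is rejected")
    if max_len is not None and min_len > max_len:
        problems.append(f"min_length {min_len} exceeds max_length {max_len}")
    return problems


# Constructed sample values, not taken from a real APS.CFG.
BROKEN = {"min_letters": 6, "min_digits": 4, "max_length": 8}
FIXED = {"min_letters": 6, "min_digits": 2, "max_length": 12}
OVERLAP = {"min_letters": 2, "min_upper": 2, "min_lower": 2,
           "min_digits": 1, "max_length": 4}

if __name__ == "__main__":
    for name, policy in (("BROKEN", BROKEN), ("FIXED", FIXED),
                         ("OVERLAP", OVERLAP)):
        print(name, check_policy(policy) or "satisfiable")
```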

User Accounts are mistakenly disabled

No two users may have exactly the same username, even when their accounts are in separate user directories. If accounts with identical usernames exist in separate directories, some or all of these accounts may be disabled at random. See the description associated with the "Failure Count Timeout" setting in the APS Configuration File for more information, restrictions and related issues.

All (or many) accounts are disabled when a single user fails authentication

This occurred at one site when the User prefix/suffix combination was incorrectly defined in the User Directory entry in SiteMinder's Policy database. The prefix had a wildcard that caused all (or many) user accounts to be checked during authentication.

APS does not disable LDAP user accounts

LDAP directories must not be read-only. Advanced Password Services saves information to each user's record in the LDAP directory, so the directory must not prevent active writing.

If you are using multiple LDAP Directory servers in a Master/Slave replication arrangement, you will have to use the write back settings. See the associated settings in the chapter entitled The APS Configuration File.

Automated Email Notification does not send email

Verify that your SMTP settings are configured correctly. Check the SiteMinder Authentication Server Console log (with maximum tracing enabled) to see if any messages are logged from Advanced Password Services or from APSMail. Use APSMailTest to determine if your settings are correct. Try logging mail to a log file.

Verify that the automated email settings in the APS Configuration File are set properly.

Ensure that an email file exists for the proper event for the particular language and that its format is correct and complete. You can use APSMailTest to check this.

Check the error logs on your SMTP server.

Windows NT Users cannot change passwords

When using Windows NT domains, ensure that the global password policy does not require users to log in to the domain in order to change their passwords. CA is working with Microsoft to determine why 0x8007054B (and other) errors occur when this flag is set and the user attempts to change their own password. This problem only occurs for Windows NT domains; it does not occur for other directory types.

"Change Password Service is not configured correctly"

This error message is displayed by SmCPW if the SMCPW response is not connected to the SmCPW page or is not returning data to it. SmCPW requires that a specific SiteMinder response be sent to it by SiteMinder. This response is an Active Attribute obtained via a call into the "smaps" library to a function called "SMCPW". If this response does not exist, is improperly formed, or is not connected to the SmCPW rule within the SiteMinder Policy, this error will occur. Note that the text of the error may vary if the Language file translates the text.

Error reading user entry ("Not Found") during password change

This is usually caused by bad Access Control Information (ACI) that prevents a user from reading their own record. During password change operations, APS uses the user's own credentials to bind to the LDAP directory. If these credentials have insufficient access, the Directory Provider will report that the record could not be found. There is no way for APS to identify the difference.

User is asked to authenticate during the FPS process

This means that the presentation pages or one of their components are protected. Check the SiteMinder authorization (AZ) log to see what page is being accessed.

Usually, the culprit is a cascading style sheet, a frame, or a graphic.