Troubleshooting installation problems of Microsoft IIS 5.0 Policy Agent on a WIndows Box
By Gregory Bedigian on Sep 22, 2008
I had run into this problem a while back with a customer while trying to install Microsoft IIs 5.0 Policy Agent on a windows box.
Here is what you need to know when attempting this for yourself!
Troubleshooting Microsoft IIS 5.0 Policy Agent ---------------------------------------------- If you are experiencing problems with your installation, try the following: Check the installation log file for errors: %TEMP%\\Sun_ONE_Identity_Server_Policy_Agent_uninstall.nnnn Re-install the agent by uninstalling and then installing. Verify agent loading in IIS: Launch Internet Services Manager. From the Start menu, choose Programs > Administrative Tools > Internet Services Manager. Open the properties for the host computer in the Tree Pane of the Internet Services Manager window that is titled Internet Information Services. The host computer name should appear in the tree underneath the Internet Information Services root. Click Edit in the Master Properties section of the Internet Information Services tab. Select the ISAPI Filters tab in the WWW Service Master Properties dialog that appears. Look for the filter name â€œSun ONE Identity Server agent.â€� If the Filter name â€œSun ONE Identity Server Agentâ€� does not appear at all, then check that the installation program was run, and look for any errors during installation. The install log is located at: %TEMP%\\Sun_ONE_Identity_Server_Policy_Agent_uninstall.nnnn A green arrow pointing up in the Status column to the right of the â€œSun ONE Identity Server Agentâ€� indicates the agent loaded successfully into IIS. A red arrow pointing down indicates that the filter failed to load. The most likely cause of the filter not loading successfully (red arrow) is that it cannot locate the required dll files. Check your system path to ensure that the following directory is present: Agent_Install_Dir\\bin If the filter did not load successfully check the following: Check the path of the Agent DLL by clicking â€œSun ONE Identity Server Agentâ€� and then Edit. Ensure that the path in the text box labeled Executable is valid. The agent also needs several DLL files. Check that the following exist in the directory Agents\\bin: amsdk.dll ames6.dll libnspr4.dll libplc4.dll libplds4.dll libxml2.dll nss3.dll ssl3.dll If the libraries are in your system path try rebooting the system. IIS logs filter loading errors in the System Event Log. To check the event log: From the Start menu, choose Programs > Administrative Tools > Event Viewer. Select the System Log. Check for Error messages with Source W3SVC. If the agent loads but returns HTTP 500 Internal Server Error for all URL requests to the IIS web server. This indicates that the agent has loaded but did not properly initialize. Returning HTTP 500 Internal Server Error for all HTTP requests is a fail-safe to protect URL resources when the agent cannot initialize. The most likely cause is a Sun ONE Identity Server agent or server misconfiguration or unavailability. Check the agent debug log. The log is located by default at the Agent_Install_Dir directory. This is the best source of debug information for resolving initialization and agent operation issues. The log file directory is specified by the property: com.sun.am.policy.am.logFile in the AMAgent.properties file located in the directory: Agent_Install_Dir\\iis\\config\\_PathInstanceName The property com.sun.am.policy.am.loglevels controls the verbosity of the log information. Set the logging level for the specified logging categories. The format of the values is: ModuleName[:Level],ModuleName[:Level]]\* The currently used module names are AuthService, NamingService, PolicyService, SessionService, PolicyEngine, ServiceEngine, Notification, PolicyAgent, RemoteLog and all. If the level is omitted, then the logging module will be created with the default logging level, which is the logging level associated with the 'all' module. The all module can be used to set the logging level for all modules. This will also establish the default level for all subsequently created modules.The meaning of the 'Level' value is described below: 0 = Disable logging from specified module 1 = Log error messages 2 = Log warning and error messages 3 = Log info, warning, and error messages 4 = Log debug, info, warning, and error messages 5 = Like level 4, but with even more debugging messages. Check that the agent can locate the AMAgent.properties configuration file. The agent uses the registry key HKEY_LOCAL_MACHINE\\Software\\Sun Microsystems\\Identity Server IIS Agent to locate the AMAgent.properties file. The AMAgent.properties file is located at: Agent_Install_Dir\\iis\\config\\_PathInstanceName The agent uses the Application Event Log to log errors that occur before the debug log file specified in AMAgent.properties is started. From the Start menu, choose Programs > Administrative Tools > Event Viewer. Select the Application Log. Check for agentError messages with source as Sun ONE Identity Server IIS agent. More info in troubleshooting section of: http://docs.sun.com/source/816-6772-10/win2k.html