Hello,

we have an issue with our NAM 4.0.1-88 (HF1-93, HF2-107, HF3-132)
environment. When we try to access an application with authentication
through NAM, the login page begins to load into a loop.

Researching in the NetIQ site, I found the next "cool solution":
http://tinyurl.com/oxavlvs, concretly I think that the scenario "SSL
Handshake Error - known cause" could work. But I was wondering if
someone has faced the same problem and how it was solved.

Thanks in advance.

The apache error log (debug mode) of AG shows the next:

Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1872): OpenSSL: Handshake: start
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: before/accept initialization
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1907):
OpenSSL: read 11/11 bytes from BIO#7f419b0670d0 [mem: 7f419b0bd6a0] (BIO
dump follows)
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1840):
+-------------------------------------------------------------------------+
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0000: 16 03 00 00 59 01 00 00-55 03 ....Y...U.
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1883): |
0011 - <SPACES/NULS>
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1885):
+-------------------------------------------------------------------------+
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1907):
OpenSSL: read 83/83 bytes from BIO#7f419b0670d0 [mem: 7f419b0bd6ab] (BIO
dump follows)
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1840):
+-------------------------------------------------------------------------+
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0000: 39 2a e5 53 0d a3 5d 89-04 1b 4b ea a4 28 91 47 9*.S..]...K..(.G
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0010: 0e 49 35 1c 3b fe b7 63-12 96 13 99 28 dd 7f ff .I5.;..c....(...
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0020: 20 3a 9a 0e d9 2a 4e 4f-66 d7 5e cc e2 4c 3a 36 :...*NOf.^..L:6
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0030: 1e fc 26 ab 86 31 0c 4b-9e 72 71 a1 31 7d 97 63 ..&..1.K.rq.1}.c
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0040: 5d 00 0e 00 04 ff e0 00-0a 00 64 00 62 00 03 00 ].........d.b...
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1879): |
0050: 06 01 ..
|
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1883): |
0083 - <SPACES/NULS>
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1885):
+-------------------------------------------------------------------------+
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_scache_shmcb.c(393):
ssl_scache_shmcb_retrieve (0x3a -> subcache 26)
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_scache_shmcb.c(708):
shmcb_subcache_retrieve found no match
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_scache_shmcb.c(408):
leaving ssl_scache_shmcb_retrieve successfully
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1738): Inter-Process Session Cache: request=GET
status=MISSED
id=3A9A0ED92A4E4F66D75ECCE24C3A361EFC26AB86310C4B9 E7271A1317D97635D
(session renewal)
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: SSLv3 read client hello A
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: SSLv3 write server hello A
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: SSLv3 write certificate A
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: SSLv3 write server done A
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1880): OpenSSL: Loop: SSLv3 flush data
Aug 14 12:50:11 serverAG httpd[16092]: [debug] ssl_engine_io.c(1918):
OpenSSL: I/O error, 5 bytes expected to read on BIO#7f419b0670d0 [mem:
7f419b0bd6a0]
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1909): OpenSSL: Exit: error in SSLv3 read client
certificate A
Aug 14 12:50:11 serverAG httpd[16092]: [debug]
ssl_engine_kernel.c(1909): OpenSSL: Exit: error in SSLv3 read client
certificate A
Aug 14 12:50:11 serverAG httpd[16092]: [info] (104)Connection reset by
peer: SSL handshake interrupted by system [Hint: Stop button pressed in
browser?!]
Aug 14 12:50:11 serverAG httpd[16092]: [info] Connection closed to child
1802 with abortive shutdown (server integembsp.server:443)

************************************
Aug 14 12:50:13 serverAG httpd[16092]: [info] Connection: Client IP:
X1.X1.X1.X1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
************************************
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../prerror.cpp(637):
AM#604603400 AMDEVICEID#ag-1C13843D9A4989CF:
AMAUTHID#F15C80FB21663B5D09AFC81F1CF54357: AMEVENTID#10778: Data Not
Available:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../prerror.cpp(637):
AM#604603400 AMDEVICEID#ag-1C13843D9A4989CF:
AMAUTHID#F15C80FB21663B5D09AFC81F1CF54357: AMEVENTID#10778: Data Not
Available:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] mod_proxy_ajp.c(687):
proxy: got response from 127.0.0.1:9009 (127.0.0.1)
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] proxy_util.c(2059):
proxy: AJP: has released connection for (127.0.0.1)
Aug 14 12:50:14 ServerAG httpd[16092]: [warn] AMEVENTID#10778:
FF:fillInteractive FormFill Policy :mastercdnForm_Fill_Intranet3310
Inject JavaScript Policy: mastercdnForm_Fill_Intranet3510 , referer:
https://idsinteg.domain.com/nidp/idff/sso?sid=0&sid=0
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../amlogging.cpp(163):
AMEVENTID#10778: xForwaredForSrcIP = 1346911242, referer:
https://idsinteg.domain.com/nidp/idff/sso?sid=0&sid=0
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] mod_proxy_http.c(2030):
proxy: end body send
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] proxy_util.c(2059):
proxy: HTTPS: has released connection for (X1.X1.X1.X1)
Aug 14 12:50:14 ServerAG httpd[16092]: [debug]
mod_proxy_balancer.c(646): proxy_balancer_post_request for
(balancer://bal_intranets)
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../amlogging.cpp(163):
AMEVENTID#10778: xForwaredForSrcIP = 1346911242, referer:
https://idsinteg.domain.com/nidp/idff/sso?sid=0&sid=0
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../prerror.cpp(637):
AM#604600001 AMDEVICEID#ag-1C13843D9A4989CF:
AMAUTHID#F15C80FB21663B5D09AFC81F1CF54357: AMEVENTID#10778: status:200
GET https://app.domain.com/ <010092000a3c4850011688a94b097a63e02b6aeb>
X-Mag:
<1C13843D9A4989CF;e02b6aeb;10778;usrLkup->0;usrBase->0;LocUsr;getPRBefFind->0;getPRBefFind->0;PRAfterFind->0;intranet;Contract-valid->0;intranets;default;SH;FF1End->0;FP2->0;WS=bb24f1bc;default;setupFF-interested;FF4Begin->825;mastercdnForm_Fill_Intranet3310;SendSoapSta rt->825;DataNA;NEPXurn~3Anovell~3Acredentialprofile~3 A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D;DataNA; NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40 ~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~ 3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2F cp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D;Sen dSoapExit->949;FF4GUD->949;FF4End->949;FP4->949;C005;>
[YY.YY.YY.YY:58119->ZZ.ZZ.ZZ.ZZ:443]service:intranets (1816:1) -

************************************************** ************************

Aug 14 12:50:14 ServerAG httpd[16092]: [info] AMEVENTID#10779: received
status 302 from server, referer: https://app.domain.com/
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] mod_proxy_http.c(1926):
proxy: start body send
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] mod_proxy_http.c(2030):
proxy: end body send
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] proxy_util.c(2059):
proxy: HTTPS: has released connection for (X1.X1.X1.X1)
Aug 14 12:50:14 ServerAG httpd[16092]: [debug]
mod_proxy_balancer.c(646): proxy_balancer_post_request for
(balancer://bal_intranets)
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../amlogging.cpp(163):
AMEVENTID#10779: xForwaredForSrcIP = 1346911242, referer:
https://app.domain.com/
Aug 14 12:50:14 ServerAG httpd[16092]: [debug] ../prerror.cpp(637):
AM#604600001 AMDEVICEID#ag-1C13843D9A4989CF:
AMAUTHID#F15C80FB21663B5D09AFC81F1CF54357: AMEVENTID#10779: status:302
POST http://tinyurl.com/q76v9p9
<010092000a3c4850011688a94b097a63e02b6aeb> X-Mag:
<1C13843D9A4989CF;e02b6aeb;10779;usrLkup->0;usrBase->0;LocUsr;getPRBefFind->0;getPRBefFind->0;PRAfterFind->0;intranet;Contract-valid->1;intranets;default;SH;FF1Endp->1;FP2->1;WS=bb24f1bc;default;setupFF-interested;FF4Begin->26;mastercdnForm_Fill_Intranet3310;FF4-reinsert->26;FF4End->26;FP4->26;>
[YY.YY.YY.YY:58119->ZZ.ZZ.ZZ.ZZ:443]service:intranets (1816:2)
https://app.domain.com/portal/site/i...emplate.LOGIN/


Thanks!
David.


--
DavideMD
------------------------------------------------------------------------
DavideMD's Profile: https://forums.netiq.com/member.php?userid=10141
View this thread: https://forums.netiq.com/showthread.php?t=54072