Troubleshooting
This table lists some potential problems and resolutions you might encounter with the PingAccess agent for Internet Information Services (IIS).
Issue | Resolution |
---|---|
The Installer fails to successfully install the agent. |
Use the steps listed in the Manual Installation procedure to validate the installation and to manually complete the installation. Review the MSI installer log file for the installation to identify errors. The log file is stored in the Temp directory msiexec /l*v "<location>/paAgentInstaller.log" /i "pingaccess-agent-iis.msi" |
The Uninstall program fails to successfully remove the agent. |
Follow the steps in the Manual Removal to remove the configuration for the PingAccess agent for IIS. |
The PingAccess-Agent/Admin log contains the error |
It is likely that the hostname for the PingAccess engine being accessed does not match the hostname in the certificate used by the agent. Verify the certificate configuration, and if necessary, recreate the certificate for the agent HTTPS Listener and recreate the agent configuration. See PingAccess User Interface Reference Guide in the PingAccess documentation for more information. |
500 series errors accessing protected resources |
This can indicate that the PingAccess agent failed to load, or that the Default Application Pool is stopped. Correct the issue that’s causing the module load failure, and then restart the Default Application Pool. One potential cause of this is that the |
32-bit application pools crashing |
This indicates that IIS attempted to load the PingAccess 64-bit agent module in an application container that is running in 32-bit mode. Modify the preCondition="integratedMode, bitness64" For example: <globalModules> <add name="PingAccessAgentModule" image="c:\Program Files\Ping Identity\PingAccess Agent for IIS\paa-iis-module.dll" preCondition="integratedMode, bitness64" /> </globalModules> |
Agent does not start. Application log contains this error: |
This can indicate a corrupted or invalid |
Agent receives an unknown protocol error when attempting to contact the administrative node |
This can indicate that the operating system is using SHA-1 for encryption. This protocol is no longer supported by default in PingAccess. We recommend switching to SHA-256. If you cannot switch to SHA-256, you can re-enable SHA-1:
|