Compartir a través de


JRE Client side detection troubleshooting

IAG 3.7 SP2 supports JRE compliant browsers and non windows machines to be scanned for complaince by IAG server when end user access the IAG portal. To enable client side detection IAG uses the JRE and certain extention to current client side detection model but utilizing the Java Applet.

IAG supports after SP2 the following non-windows operating systems as well. Supported OS includes:

RPM Based Linux Distributions (RedHat Enterprise 4 and 5, Fedora Core 5 and up)
Debian Linux Distributions (Debian 4 and up, Ubuntu 6.10 and up)

Mac OS X version 10.3 and later 

On the browser side IAG also supports following browsers inaddition to Internet Explorer:

Firefox version 2 and later on Windows, Linux and Mac
Safari version 3 and later on Windows and Mac

Java engine has to be JRE 1.5.* and later

At times when using any of the above browsers the end user could get in to a situation where you do see that end point detection is failing. Now to understand what could be a potential problem , as a starter first ensure that you do run the supported version of the OS and browser as per the list provided above. If you do then dump the JRE console logs output to a text file to ensure that you do have to ensure that JRE is correct and error free setup. If you are not sure on how to dump the JRE log, its the Jave icon on the lower right hand side of the task bar showing that JRE is avaialble and running for the client. If you double click on it then you do get the JRE console and that should give you some information like this:

Java Plug-in 1.6.0_16
Using JRE version 1.6.0_16-b01 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\Marc
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

JavaDetectorApplet: checking Java version
JavaDetectorApplet: reported version is 1.6.0_16
JavaDetectorApplet: version is accepted
Opening log at C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\log\applet_10-10-2009.Log
********* Applet started. *********
Version: 3.7.261.0
Reading all input args
Starting...
OS detected: Windows 2003 : Setting Report Server: https://abc.contoso.com/InternalSite/SetPolicy.asp?site\_name=abc\&secure=1
Setting cookie:
<<cookie removed>>
Cookie set.
init
Exec type: INIT started
Installing agent files
Installing file C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\agent_win_helper.jar
File already exists, checking server cache.
Date on local file is: 28-08-2009 19:02:36
Server sent response code: 200
1157415 bytes copied ...
Verifying agent signature.
Extracting...
extractJar( C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\agent_win_helper.jar , C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\ )
Checking for proxy on route to: https://abc.contoso.com/InternalSite/SetPolicy.asp?site\_name=abc\&secure=1
Proxy test: proxy detected proxy:80
Checking if proxy requires authentication
Running AW: C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\AttachmentWiper.exe -x https://abc.contoso.com/InternalSite/Conf/abc1AWDirs.ini -r proxy:80 na -o
Exit value: -1
Checking to see if we should remove old log files.
Launching Proxy with "C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\ProxyProcess_Win.exe" init "IAG Remote Access Agent/abccontosocom/abc1" -a " -d abc.contoso.com -c https://abc.contoso.com/InternalSite/Conf/abc1AWDirs.ini -t 1 -1" -e /InternalSite/CustomUpdate/ABCDomainCheck.vbs;/InternalSite/CustomUpdate/Mac_Check.vbs;/InternalSite/WhaleDetection.vbs  -p "C:\Documents and Settings\Marc\IAG Remote Access Agent/abccontosocom/abc1\log\" -j 1.6.0_16 -m abc.contoso.com -o proxy:80 na

This console should give a lot of information as why could the dection is being failed. Next step is to ensure that the brwoser is enabled for Jave and Java applets to execute. Most of the time I have seen custom scrip is being introduced and that fails only, so the rational approach is to get rid of the custom scrip first and ensure that end point detection works fine without any script as default.

Webmonitor is always a friend and it could show you the failing URLs and policies or possible detection falure causes.

If your OS is windoes but browser is non IE then just for troublshooting you can load IE and confirm if it works with IE or not, if it works with IE then you know its just a broswer side problem and then you should look around broswer related aspect. At times for Java client detection the %userprofile%\IAG Remote Access Agent\<hostname_without_dots>\<trunk_name>\log is useful to point towards any problem. So basically you would get hold of three logs , Attahment Wiper log , if you are running into AW issue. Then you have the applet log if its java applet issue and finally you would see the proxy log , if any proxy is fiddling inthe middle for applet execution.

Last but not least if you still dont understand whats going on then only for testing disable the IAG InternalSite builtin rule for .jar files check on the advance trunk --> rule set tab to see if things work without the rule. if the rule is breaking it then the issue is narrowed down to the rule.