This article has been archived and is no longer maintained by ForgeRock.
The following error is shown in the amAgent debug log:
2015-10-08 14:23:09.282 -1 3148:da27a25490 AuthService: BaseService::doRequest() NSPR failure while sending to https://example.com:8443/openam/authservice, error = -12268
The event logs show a crash with the following details:
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: C:\openam\web_agents\iis7_agent\bin\amsdk.dll
The following error is shown in the browser:
403 - Forbidden: Access is denied.
The failure is temporarily resolved by a manual restart of the IIS web server.
Upgraded to IIS Policy Agent 3.3.4.
When worker process recycling is enabled, the IIS recycle creates a new process first and only then shuts down the old process(es), meaning multiple processes are active simultaneously. The current IIS policy agent supports single worker processes and a single application pool with full server stops and restarts (no recycling).
This issue can be resolved by upgrading to IIS Web Policy Agents 4 or later; you can download this from BackStage.
Alternatively, this issue can be resolved by ensuring the IIS policy agent 3.3.4 is configured correctly. In particular:
- You only have one worker process per application pool.
- You are not sharing application pools with other sites.
- The IIS worker process recycling setting is switched off, as recycling is not supported by IIS policy agents 3.x.
- The following OpenAM IIS policy agent configuration parameter is set to off: com.forgerock.agents.nss.shutdown = off
See How do I configure IIS Policy Agents 3.x for improved stability? for further information on configuring the IIS policy agent as per these recommendations.
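The four recommendations above can be checked offline against a copy of IIS's applicationHost.config and the agent's properties text; the following is an added example, not ForgeRock code. The function names, the pool name AgentPool and the sample data are constructed, "recycling off" is taken to mean every periodic trigger is zero with no schedule, and each application is assumed to name its pool explicitly.

```python
import xml.etree.ElementTree as ET

# IIS schema defaults for absent attributes; anything not listed defaults to "0".
SCHEMA = {"maxProcesses": "1", "time": "1.05:00:00"}
TRIGGERS_OFF = {"time": "00:00:00", "requests": "0", "memory": "0", "privateMemory": "0"}

def setting(pool, defaults, path, name):
    """Resolve a value: the pool entry, then applicationPoolDefaults, then schema."""
    for node in (pool, defaults):
        elem = node.find(path) if node is not None else None
        if elem is not None and name in elem.attrib:
            return elem.attrib[name]
    return SCHEMA.get(name, "0")

def audit(apphost_xml, agent_properties, agent_pool):
    """Return findings for the application pool that hosts the agent."""
    root = ET.fromstring(apphost_xml)
    pools = root.find("system.applicationHost/applicationPools")
    pool = pools.find(f"add[@name='{agent_pool}']")
    if pool is None:
        return [f"application pool {agent_pool} not found"]
    defaults, findings = pools.find("applicationPoolDefaults"), []
    if setting(pool, defaults, "processModel", "maxProcesses") != "1":
        findings.append("more than one worker process")
    for name, off in TRIGGERS_OFF.items():
        value = setting(pool, defaults, "recycling/periodicRestart", name)
        if value != off:
            findings.append(f"recycling trigger {name}={value}")
    if pool.find("recycling/periodicRestart/schedule/add") is not None:
        findings.append("scheduled recycle configured")
    sites = sorted(s.get("name") for s in root.iter("site") if any(
        a.get("applicationPool") == agent_pool for a in s.iter("application")))
    if len(sites) > 1:
        findings.append("pool shared by sites: " + ", ".join(sites))
    props = {k.strip(): v.strip() for k, _, v in
             (line.partition("=") for line in agent_properties.splitlines())}
    if props.get("com.forgerock.agents.nss.shutdown") != "off":
        findings.append("com.forgerock.agents.nss.shutdown is not off")
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE_XML = """<configuration><system.applicationHost><applicationPools>
<add name="AgentPool"><processModel maxProcesses="2"/><recycling><periodicRestart
 time="00:00:00"><schedule><add value="03:00:00"/></schedule></periodicRestart>
</recycling></add></applicationPools><sites>
<site name="Protected"><application path="/" applicationPool="AgentPool"/></site>
<site name="Other"><application path="/" applicationPool="AgentPool"/></site>
</sites></system.applicationHost></configuration>"""
SAMPLE_PROPS = "com.forgerock.agents.nss.shutdown = on"
```

Calling `audit(SAMPLE_XML, SAMPLE_PROPS, "AgentPool")` returns one finding per violated recommendation. A pool with no explicit recycling element is still flagged, because the IIS schema default restarts the worker process on a timer.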