
Web Agent: Unable to resolve agent name

This week we have a post about troubleshooting a web agent that is unable to resolve its agent name. As always, we present the reported issue, what we found during troubleshooting, and how the problem was remedied.

Issue
Web Agent: Unable to resolve agent name

Symptoms
After attempting to authenticate, users receive the following error in the browser:
 
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Troubleshooting
We asked the client to check the web agent log for any errors. They provided the following:

[10518/2244798208][Fri Jan 08 2021 18:14:32][CSmHttpPlugin.cpp:495][ERROR][sm-HTTPAgent-00050] Unable to resolve agent name for host 'www.acmecorp.com'. Exiting with HTTP 500 server error '00-0001'.

We asked the client for the values associated with the following web agent parameters:

AgentName
acme-apa-inst-01, 10.0.1.10:443
acme-apa-inst-02, 10.0.1.11:443

DisableDNSLookup no

DefaultAgentName undefined

The client had recently updated their Apache web servers to the latest version. During the upgrade, they added additional web server instances to the server machine. The new instances would not serve the same content as the existing web site and, as a result, required unique web agent identities.
Condition
The AgentName parameter was configured to use the IP address of the web server (instead of the Fully Qualified Domain Name (FQDN)) and the DefaultAgentName parameter was undefined.

Cause
The web agent could not determine the appropriate web agent identity for the protected resource. The request made to the web server used www.acmecorp.com, but the agent identity was mapped to the IP address (10.0.1.10:443). Additionally, there was no value set for the DefaultAgentName parameter.

Remedy
We had the client change the web agent values to the following:

AgentName
acme-apa-inst-01,www.acmecorp.com:443
acme-apa-inst-02,clientaccess.acmecorp.com:443

DisableDNSLookup Yes

DefaultAgentName acme-apa-inst-01

The requested changes added the FQDN of the web server instances to the AgentName. Additionally, we had them set the DefaultAgentName to a valid web agent name; this would prevent an HTTP 500 error if the AgentName parameter was not properly configured in the future.

We also had the client change DisableDNSLookup to ‘yes’. This modification protects the web agents against DNS Denial of Service attacks. This was not required to address the original issue, but it is a best practice.

After restarting the web server and attempting to log in, the issue was resolved.
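
The following is an added example, not code from the original post or from the web agent product. It is a simplified model of the lookup described under Cause (exact match of the requested host and port against the AgentName mappings, then DefaultAgentName, otherwise no identity and an HTTP 500), plus a check for the three conditions the post calls out. The dictionary layout and the function names are assumptions made for illustration; the values are the ones shown in the post.

```python
import ipaddress

def parse_agent_names(lines):
    """Parse 'name, host:port' AgentName values into {'host:port': name}."""
    mapping = {}
    for line in lines:
        name, _, target = line.partition(",")
        mapping[target.strip().lower()] = name.strip()
    return mapping

def resolve_agent(config, host, port=443):
    """Simplified model: exact host:port match, else DefaultAgentName.
    Returns None when no identity can be resolved (the HTTP 500 case)."""
    mapping = parse_agent_names(config["AgentName"])
    return mapping.get(f"{host.lower()}:{port}") or config.get("DefaultAgentName")

def lint(config):
    """Flag the conditions identified in the post."""
    findings = []
    for target, name in parse_agent_names(config["AgentName"]).items():
        host = target.rsplit(":", 1)[0]
        try:
            ipaddress.ip_address(host)
            findings.append(f"{name}: mapped to IP {host}, not an FQDN")
        except ValueError:
            pass  # not an IP literal, treated as a host name
    if not config.get("DefaultAgentName"):
        findings.append("DefaultAgentName is undefined")
    if str(config.get("DisableDNSLookup", "no")).lower() != "yes":
        findings.append("DisableDNSLookup is not 'yes'")
    return findings

# Hypothetical dict layout; values copied from the post (before and after the remedy).
BEFORE = {"AgentName": ["acme-apa-inst-01, 10.0.1.10:443",
                        "acme-apa-inst-02, 10.0.1.11:443"],
          "DisableDNSLookup": "no", "DefaultAgentName": None}
AFTER = {"AgentName": ["acme-apa-inst-01,www.acmecorp.com:443",
                       "acme-apa-inst-02,clientaccess.acmecorp.com:443"],
         "DisableDNSLookup": "Yes", "DefaultAgentName": "acme-apa-inst-01"}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        agent = resolve_agent(cfg, "www.acmecorp.com")
        print(label, "->", agent or "unresolved (HTTP 500)")
        for finding in lint(cfg):
            print("   finding:", finding)
```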

As always, we hope that you have found this information useful. If you need IAM assistance, reach out to SIS today and we would be happy to assist you. And subscribe to our newsletter to be notified about the posting of future articles and other SIS news.
