Saturday, March 12, 2016

WebGate Generates Error "Failure to connect to Access Server"

After configuring WebGate 11g with Oracle Access Manager (OAM) 11g Server, attempts to access any page using the WebGate webserver hostname and port fail with either an HTTP-500 Internal Server Error or the message "The AccessGate is unable to contact any Access Servers".

Example WebGate oblog.log message:
ACCESS_GATE ERROR ade/aime_ngamac_497961/ngamac/src/palantir/webgate2/src/isprotected.cpp: "Failure to connect to Access Server" HTTPStatus^500 Error^The Access Server has returned a fatal error with no detailed information.

What is causing the error:

The error indicates that the WebGate is unable to communicate with the OAM Server.
WebGate uses its agent artifact files to know which OAM Server host and port to connect to, which agent password to use, and which communication mode to use.
Artifact files are:
ObAccessClient.xml  --  WebGate agent configuration file generated/updated via OAM Console or RREG, should never be updated directly
cwallet.sso         --  11g WebGate only, agent key
password.xml        --  Simple/Cert mode only, contains Simple mode passphrase or Cert mode agent key
aaa_key.pem         --  Simple/Cert mode only, contains the WebGate certificate key
aaa_cert.pem        --  Simple/Cert mode only, contains the WebGate Simple/Cert mode certificate
aaa_chain.pem       --  Cert mode only, contains the root Certificate Authority certificate, and sub-CA certificates if applicable

  • It could be that the agent artifacts have not been copied over from the OAM Server to the WebGate configuration directory after agent registration, or not all files have been copied.
  • The agent password may have been changed in the agent configuration, but the modified artifact files have not been copied over to the WebGate configuration directory.
  • The communication mode of the agent has been changed, but the new artifacts and certificates have not been copied over.
  • Any discrepancy between the configuration of the agent in OAM Console and the artifacts in the WebGate configuration directory will cause this communication failure.
  • If there is any SSL handshake failure due to missing root CA certificates, the communication will fail.

Solutions:
  • To resolve, try copying over all the necessary artifacts for the selected agent communication mode from the OAM Server to the WebGate configuration directory again, and restart the WebGate webserver.
  • Delete and re-register the agent, then copy over the new artifacts.
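
Before restarting the webserver, the copy can be verified per communication mode. The script below is an added example, not Oracle tooling or code from the original post: it compares the artifacts generated on the OAM Server side with the WebGate configuration directory. The two directory arguments, the mode names (open, simple, cert) and the status labels are assumptions; the file names and their mode requirements come from the list above.

```shell
#!/bin/sh
# Added example: compare WebGate agent artifacts staged from the OAM Server
# with the WebGate configuration directory for one communication mode.
# Directory arguments and status labels are assumptions of this example.

# Print the artifact files an 11g WebGate needs for a mode (open|simple|cert).
required_artifacts() {
    case "$1" in
        open)   echo "ObAccessClient.xml cwallet.sso" ;;
        simple) echo "ObAccessClient.xml cwallet.sso password.xml aaa_key.pem aaa_cert.pem" ;;
        cert)   echo "ObAccessClient.xml cwallet.sso password.xml aaa_key.pem aaa_cert.pem aaa_chain.pem" ;;
        *)      return 2 ;;
    esac
}

# check_artifacts MODE SRC_DIR DST_DIR
#   SRC_DIR: artifacts generated for the agent on the OAM Server
#   DST_DIR: WebGate configuration directory
# Prints one line per problem. Returns 0 if clean, 1 on problems, 2 on bad mode.
check_artifacts() {
    mode=$1 src=$2 dst=$3
    files=$(required_artifacts "$mode") || { echo "unknown mode: $mode" >&2; return 2; }
    rc=0
    for f in $files; do
        if [ ! -f "$src/$f" ]; then
            echo "NOT-GENERATED $f"; rc=1   # agent not registered for this mode
        elif [ ! -f "$dst/$f" ]; then
            echo "MISSING $f"; rc=1         # never copied to the WebGate
        elif ! cmp -s "$src/$f" "$dst/$f"; then
            echo "STALE $f"; rc=1           # regenerated but not re-copied
        fi
    done
    return $rc
}

# Usage: sh check_artifacts.sh MODE SRC_DIR DST_DIR
if [ "$#" -eq 3 ]; then
    check_artifacts "$1" "$2" "$3"
fi
```

A STALE result for password.xml or cwallet.sso matches the changed-password case described above, and a NOT-GENERATED aaa_chain.pem matches a mode change to Cert without new artifacts.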
