000016941 - Errors 'Server Timeout' and 'User TIME's access is denied' with RSA Access Manager  and RSA SecurID

Document created by RSA Customer Support Employee on Jun 14, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000016941
Applies ToRSA Product: Access Manager 
RSA Product/Service Type: Authentication Manager, java api jar rsa-authapi-java-8.1.1.jar
RSA Version/Condition: 6.x

 
IssueThe following errors are seen in RSA Access Manager with RSA SecurID:

Server Timeout
User TIME's access is denied


RSA SecurID authentication does not work. When the aserver is placed in debug mode using the options -DDEBUG=SECURID, on initial test server message the following is logged:



2013-06-28 11:18:53,765 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - e.a():? - currentServer.checkIP
2013-06-28 11:18:53,767 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - Sending 124 bytes to 10.137.127.25; contents:
67 5 0 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0
2013-06-28 11:18:53,768 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.b():? - Enterring getResponse
2013-06-28 11:18:53,769 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - Enterring getTimeoutValue(AceRequest AceTimeRequest[Abstrac
tAceRequest[ hdr=AcePacketHeader[Type=103 Ver=5 AppID=2 Enc=NOT-ENCRYPTED Hi-Proto=5 Opt=0 CirID=0] created=1372439933765 trailer=null] response=none])
2013-06-28 11:18:53,770 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - authRequest is an instance of AceTimeRequest
2013-06-28 11:18:53,771 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - Enterring getTimeoutValue(AceTimeRequest AceTimeRequest[Abs
tractAceRequest[ hdr=AcePacketHeader[Type=103 Ver=5 AppID=2 Enc=NOT-ENCRYPTED Hi-Proto=5 Opt=0 CirID=0] created=1372439933765 trailer=null] response=none])

2013-06-28 11:18:53,772 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - offset: 200
2013-06-28 11:18:53,772 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - increment: 100
2013-06-28 11:18:53,772 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.a():? - consecutive suspensions: 6
2013-06-28 11:18:53,773 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.b():? - Timeout is 800
2013-06-28 11:18:53,774 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - b.b():? - Current retries: 0
2013-06-28 11:18:54,444 DEBUG [pool-5-thread-1] com.rsa.authagent.authapi.logger.b  - e.a():? -  Server Timeout : AcmServerInfo[ serverAddress = 10.137.127
.25 addressStatus = 44 serverStatus = 17 aliases =  aliasOptions = 0 consecutiveSuspensions = 6 averageNetTurnaround = 0 worstNetTurnaround = 0 lastTimeUse
d = 0 runPriority = 10 sdoptsPriority = 0 suspendTime = 1372437993250]


 

Additional error messages for this failure are as follows:



2013-06-28 11:21:39,749 DEBUG [pool-7-thread-1] com.rsa.authagent.authapi.logger.b  - b.b():? - receive timeout: java.net.SocketTimeoutException: Receive t
imed out
2013-06-28 11:21:39,750 DEBUG [pool-7-thread-1] com.rsa.authagent.authapi.logger.b  - a.b():? - Error receiving request: com.rsa.ace.techservice.udpserver.
a: Error receiving packet Timeout: java.net.SocketTimeoutException: Receive timed out
2013-06-28 11:21:39,750 DEBUG [pool-7-thread-1] com.rsa.authagent.authapi.logger.b  - a.a():? - Response status is: 1
2013-06-28 11:21:39,750 DEBUG [pool-7-thread-1] com.rsa.authagent.authapi.logger.b  - a.a():? - Authenticaton failed for TIME !
2013-06-28 11:21:39,750 WARN  [pool-7-thread-1] com.rsa.authagent.authapi.logger.c  - User TIME's access is denied.

Cause

 The Access Manager server which uses the Authentication Manager api jar was on a multihomed host and the Authentication API client is unable to bind to Authentication Manager.

Resolution

You must set the correct IP address from which the authentication will be sent (the IP address of the Access Manager authentication server) in either the aserver.conf or the auth api jar file's rsa_api.properties file.IP.



In the aserver.conf:



cleartrust.aserver.authn.securid_agent_host=



In rsa_api.properties file:



#RSA Authentication API Properties
#Override Host IP Address
RSA_AGENT_HOST=xxx.xxx.xxx.xxx

Notes In the context mentioned in this solution, the User TIME is not a real user or the user that tried to authenticate. It is indicating a timeout on the test server message.
Legacy Article IDa61860

Attachments

    Outcomes