000038163 - Name or service not known error when connecting Identity Router (IDR) to RSA Authentication Manager fails

Document created by RSA Customer Support Employee on Jan 6, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038163
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type: Identity Router
IssueAfter completing the steps explained in Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service, to add the identity router (IDR) as an authentication agent to the RSA Authentication Manager and connect to it, the connection still fails with the following error:
2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.authagent.authapi.v8.logger.b[?] - the current host is unknownde-sal-v-rir001: de-sal-v-rir001: Name or service not knownIDRHOSTNAME: IDRHOSTNAME: Name or service not known
2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.nga.sidproxy.SidAuthentication[265] - Failed to verify session factory
com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: the current host is unknownIDRHOSTNAME: IDRHOSTNAME: Name or service not knowndIDRHOSTNAME: IDRHOSTNAME: Name or service not known


IDRHOSTNAME is the hostname of the proxy interface of the IDR.

CauseThis error shows that the IDR is not able to resolve its own hostname.
ResolutionThere are two options to resolve this issue. Either,
  • Add a static DNS entry that maps the IDR Proxy interface hostname to its ip-address. This can be done from the Cloud Administration Console > Platform > Identity Router > Edit > Settings > Static DNS Entries
  • If in the Management Console under Protected Application Configuration, an FQDN is specified, then from the Management Console under DNS Configuration, there must be two entries for the DNS server, one with specifying the domain name, and another entry with the Domain Field left empty.