Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038163 - Name or service not known error when connecting Identity Router (IDR) to RSA Authentication Manager

Document created by RSA Customer Support

on Jan 6, 2020•Last modified by RSA Customer Support

on Jul 7, 2020

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038163
Applies To	RSA Product Set: SecurID Access RSA Product/Service Type: Identity Router
Issue	After completing steps to Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service, the Identity Router > Authentication Manager connection fails. The following error is seen: 2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.authagent.authapi.v8.logger.b[?] - the current host is unknownde-sal-v-rir001: de-sal-v-rir001: Name or service not knownIDRHOSTNAME: IDRHOSTNAME: Name or service not known 2019-11-08/16:29:28.607/UTC [pool-4-thread-11] ERROR com.rsa.nga.sidproxy.SidAuthentication[265] - Failed to verify session factory com.rsa.authagent.authapi.AuthAgentException: com.rsa.authagent.authapi.AuthAgentException: the current host is unknownIDRHOSTNAME: IDRHOSTNAME: Name or service not knowndIDRHOSTNAME: IDRHOSTNAME: Name or service not known Where, IDRHOSTNAME is the portal hostname of the IDR defined in step 8 of Add an Identity Router using the Cloud Administration Console.
Cause	This error shows that the IDR is not able to resolve its own portal hostname. Note: the Identity Router's portal hostname FQDN can be viewed in either of two places: In the Cloud Administration Console Platform > Identity Routers page, select Edit on the Identity Router. The FQDN is in the Portal Hostname field. In the Identity Router's Setup Console, on the Network Settings page, under Protected Application Configuration. The FQDN is in the Identity Router HostName field. The two fields that are listed above should have the same value.
Resolution	Perform the following on all IDRs in your deployment: If the IDR has two NICs: Add a static DNS entry that maps the IDR's portal hostname to its portal interface IP address. Include both the portal hostname FQDN and shortname (separated by a space) as the alias value. See step 14 of Add an Identity Router using the Cloud Administration Console. If the IDR has a single NIC: Add a static DNS entry that maps the IDR's portal hostname to its interface IP address. Include both the portal hostname FQDN and shortname (separated by a space) as the alias value. Adding a static DNS entry should be enough to resolve the issue; however, it should also be verified that there is an A record in DNS that maps the IDR's portal hostname to either: If the IDR has two NICs, use its own portal interface's IP address. If the IDR has a single NIC, use its own management interface's IP address. These required tasks are listed in the document on how to Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service.
Notes	See also Identity Router DNS Requirements. The portal interface of the IDR is also known as the proxy interface of the IDR.

Attachments

Outcomes

0 Comments

Recommended Content