|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.0.x, 7.1.x, 7.2.0
|Issue||The RSA Identity Governance & Lifecycle remote AFX (Access Fulfillment Request) Server fails to start and is unable to communicate with the RSA Identity Governance & Lifecycle application server.|
|Cause||This issue may occur if a firewall rule on a customer network appliance is actively blocking SSL connections on port 8444.|
This connection failure is similar to other SSL connection issues between AFX and RSA Identity Governance & Lifecycle, except that there are no additional details about the reasons for the SSL failure. The certificates may be correct, but the SSL connection is being abandoned before the SSL handshake can be completed. The only failure reported is the SocketException.
A packet capture on the remote AFX Server will show that the SSL Client Hello is being sent to RSA Identity Governance & Lifecycle but the TCP transmission is being terminated by an RST packet inserted into the network stream.
A packet capture on the RSA Identity Governance & Lifecycle server will show that the SSL Client Hello message did not reach the AFX Server and that the TCP transmission was terminated by an RST packet that was inserted into the network stream.
|Resolution||Have the network administrator remove the firewall rule preventing SSL binds to port 8444.|
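The Cause section separates a connection reset after the Client Hello from a certificate or protocol failure. The probe below is an added example, not RSA code, that reports the stage at which a TLS connection fails. The names `classify_handshake` and `start_reset_listener` are hypothetical, and the listener is a constructed local stand-in for the filtering device so the example runs offline. In practice the probe would be pointed from the remote AFX Server at the application server's host name on port 8444.

```python
import socket
import ssl
import struct
import threading

def classify_handshake(host, port, timeout=5.0):
    """Report the stage at which a TLS connection to host:port fails."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed: " + exc.__class__.__name__
    # Certificate checks are off on purpose: this probe only locates the
    # failure point. Do not reuse this context for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "handshake_ok: " + tls.version()
    except ConnectionResetError:
        return "reset_during_handshake"   # RST after the Client Hello
    except ssl.SSLEOFError:
        return "closed_during_handshake"  # orderly close (FIN), not RST
    except ssl.SSLError as exc:
        return "tls_error: " + str(exc.reason)  # TLS alert or protocol failure
    except socket.timeout:
        return "handshake_timeout"        # packets silently dropped
    finally:
        raw.close()

def start_reset_listener():
    """Constructed local stand-in for the filtering device."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # wait for the Client Hello
        # SO_LINGER with a zero timeout makes close() send RST, not FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(classify_handshake("127.0.0.1", start_reset_listener()))
```

A result of `reset_during_handshake` with a successful TCP connect matches the symptom described in the Cause section; `tls_error` points back to the TLS configuration rather than the network path.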