000021984 - Error:  "106: Web server too busy. Please try again later" appears in web browser when using RSA Authentication Agent for Web for Apache

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000021984
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  RSA Authentication Agent for Web for Apache
IssueThe following errors appears in the web browser when using the RSA Authentication Agent for Web for Apache:
  • Error 106: Web server too busy. Please try again later.
  • Error AceInitializeEx: Failed to read configuration record
ResolutionIf you are not challenged for your Authentication Manager user ID after installing RSA Authentication Agent for Web on a Unix platform, and if you see this error in the web browser, then it is likely that the web server cannot access the files in the /var/ace (or $VAR_ACE, if defined) directory.
  1. Before trying to solve the issue, make sure you know under what user ID the web server is running. For example, the Sun Java Web Server 6.x runs by default as "webservd".
  2. To establish communication with the Authentication Manager server, the web server must be able to read the sdconf.rec and securid files, located in /var/ace. Write permission should be granted on sdstatus.12. Set the permissions accordingly.
  3. Also, make sure the permissions on the /var/ace directory itself are correct. If the permissions are too restrictive (e. g., readable by root only), then there is a good chance you'll continue to experience the problem even after fixing the permissions on the files. The following example shows file permissions and ownership on a working Sun Java Web Server:
[root@fatboy:/var/ace] ls -al
total 16
drwxr-xr-x   2 root     other        512 Apr 28 13:19 .
drwxr-xr-x  36 root     sys         1024 Apr 28 13:14 ..
-rw-r?-r--   1 root     other       1024 Apr 28 11:56 sdconf.rec
-rw-r--r--   1 root     other         25 Apr 26 08:50 sdopts.rec
-rw-r--r--   1 webservd webservd    2418 Apr 28 12:48 sdstatus.12
-r--------   1 webservd webservd     512 Apr 28 12:38 securid

  1. If the authentication agent's debugging is enabled, you'll see the following errors:
File:newsd_api.c Line:31 # Entering SD_Init()
File:acexport.c Line:108 # Entering AceInit()
File:acinit.c Line:93 # Entering AceInitializeEx()
File:acinit.c Line:102 # AceInitializeEx: RSA ACE/Agent Version 5.3 [747]
File:acinit.c Line:125 # AceInitializeEx: Failed to read configuration record
File:acexport.c Line:114 # Leaving AceInit() return: 201
File:newsd_api.c Line:38 # Leaving SD_Init() (not in processing) return: 201

  1. You can enable the authentication agent's debugging by setting the following environment variables:
RSATRACELEVEL=15
RSATRACEDEST=/tmp/ACEdebug
export RSATRACELEVEL RSATRACEDEST

  1. Once debug is enabled, be sure to restart the web server.
Legacy Article IDa26030

Attachments

    Outcomes