000025599 - How to limit the number of authentication back-end processes started by RSA Authentication Manager (ACE/Server) on multi-processor platforms

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025599
Applies ToRSA ACE/Server on multi-processor platforms
RSA ACE/Server limit backend servers limit number of backend processes Solaris
RSA Authentication Manager backend servers back end servers
 
IssueHow to limit the number of authentication back-end processes started by RSA Authentication Manager (ACE/Server) on multi-processor platforms
Some back-end processes (_aceserver_be) become hung after shutting down RSA Authentication Manager broker processes
(4) ACESERVER : SQL Message: svce8346.r Database sdserv not connected. (1006)
(5) ACESYNCHD : Unable to Retrieve the system record.
(4) ACESERVER : Cannot read system record (-1).
'can't lock token' seen in the activity log during XR authentication
 
Cause

It is not possible to distinguish between front-end and back-end processes with RSA ACE/Server 4.x.


The first authentication process started by ACE/Server is the front-end process; this then starts the back-end processes running. In ACE/Server 4.x, both front- and back-end processes have the same name of 'acesrvc_fe' whereas for RSA Authentication Manager the process name for the front-end process is called 'acesrvc_fe' and the back-end process is called 'acesrvc_be'. The front-end process is the only process listening on the securid port (5500 by default). It acts as a broker for the back-end processes, and maintains state for negotiated authentications such as New PIN Mode and Next Tokencode mode.
For a single CPU, the front-end process will only start up 2 back-end processes by default. If the machine has more than one CPU, the rule is as follows:
#backends = 2 * #CPUs + 1
Thus, the number of back-end processes started on a quad-processor machine would be 9 ((2 * 4) +1).

Resolution

The minimum number of back-end processes that can be run in an RSA Authentication Manager installation is 1. Set a maximum value of 32 for the number of back-end processes to start for an RSA Authentication Manager 6.1 installed on a Sun Fire T2000 server running Solaris 10. 


To limit the number, follow these steps:
On UNIX:
Set the environment variable NUMBER_BES (NUMBER of Back-Ends) in the .../ace/prog/aceserver startup script, or in whatever startup script you are using to start ACE/Server. For example, if you want to set the number of back-end processes to 2, insert the following line near the top of the startup script:
NUMBER_BES=2;export NUMBER_BES
On Windows NT:
Edit the registry and add the setting:
HKEY_LOCAL_MACHINE/software/SDTI/ACESERVER/CURRENTVERSION\
NumberOfBEServers:REG_SZ : 2


With Authentication Manager 6.1 on Windows


Open the RSA Control Panel application. Select Configure Authentication Processes, read the instructions for the Maximum recommended settings.


** Other related knowledge article - Authentication Manager 6.x on  Sun Fire T1 T1000 T2000 Niagra "coolthreads technology" running Solaris 10 shows many aceserver_be or _be backend rogue processes running after shutdown 

Legacy Article ID6.0.1375272.2748441

Attachments

    Outcomes