000026219 - Error: 'Lock manager server rejected client connection from: xxxxxxx' in RSA Authentication Manager' on a multihomed system

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026219
Applies ToRSA Authentication Manager 6.0
RSA Authentication Manager 6.1
RSA Authentication Manager 6.1 - Re-mastered
RSA Authentication Manager 6.1 Patch 1
Microsoft Windows
RSA Authentication Manager server installed on a multi-homed machine
IssueError: "Lock manager server rejected client connection from: xxxxxxx" in RSA Authentication Manager
Lock manager server rejected client connection from: servername.domain.com in the windows application event log
Sample Windows Application Log msg.
11/14/20069:59:00 AMACESERVER6.1InformationLOCK MANAGER 15093N/AservernameLock manager client established connection to: servername.domain.com
11/14/20069:59:00 AMACESERVER6.1InformationLOCK MANAGER 15094N/AservernameLock manager client closed connection to: servername.domain.com
11/14/20069:59:00 AMACESERVER6.1ErrorLOCK MANAGER 15097N/AservernameLock manager server rejected client connection from: servername.domain.com
ResolutionThe lock manager uses the wrong source IP address when talking to itself on a multi homed machine. To correct this issue, the preferred method is to configure the system to have only one IPv4 address.
If this cannot be done, a workaround is to set the SD_HIGH_AVAILABILITY environment variable on the Authentication Manager server to a value of "1" using the following steps:
- Right-click "My Computer" --> select Properties --> select Environment variables --> select System variables --> New ...
- Reboot the machine
==================
In Linux, Unix:
 

Since this is referring to a multihomed machine, an overriding IP address will need to be set when using SD_HIGH_AVAILABILITY .  Some agents for Windows can have IP Address Override configured through a GUI. You can also create a file called sdopts.rec, this file will need to look like;


CLIENT_IP=xxx.xxx.xxx.xxx (ip address configured in use)


saved as: "sdopts.rec" in the Win\System32 directory


or for Linux place sdopts.rec in <ace>/data 

Legacy Article IDa25614

Attachments

    Outcomes