000014162 - RSA Authentication Manager 8.0 Patch 7 - Primary Server IP changed and Radius still holding on to the old IP.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014162
Applies ToRSA Authentication Manager 8.0 Patch 7
RSA Authentication Manager Server had an IP change performed in accordance with the Administration Guide instructions. The IP change had completed successfully.
IssueAttempting to connect a replica radius server to a primary that had an IP change successfully completed on.
Replica Radius server fails to synchronize with the Primary Radius Server. The Replica Radius server is reaching out the old primary IP for the replication package.
Log for SBR Install Utility.
  Install Date:03/05/2013 Install Time:09:26:30

 /opt/rsa/am/radius/sbrsetuptool -path /opt/rsa/am/radius -identity primary -secret ******
INFO: SBR Radius services directory is /opt/rsa/am/radius/
INFO: Host Name am8.pslab.com != DNS Name websites068.homestead.com, Replacing Host Name
INFO: SBR Radius server name is websites068.somehostingname.com
INFO: SBR Radius server IP Address is

 INFO: The Radius Server on websites068.homestead.com has been defined as a Primary Radius Server 

DNS name resolution has alias or CNAME entry for Primary, returns this alias to primary during Priamry RADIUS setup. the primary sbr logs will have both entries:
 INFO: Host Name <CNAME or Alias> != DNS Name <FQDN of Primary>, Replacing Host Name 

cannot determine radius status, cannot determine replication status, can't determine radius status
CauseThe Primary Radius Server seems to be holding on to the old ip. The replica.ccmpkg on the primary has the old IP in it. If that were edited and the new ip put in it would still change back to the old ip when force replication was intiated and the package updated.

Access the Primary Radius server.
Stop the Radius Server
from /opt/rsa/am/utils run ./rsautil manage-secrets -a listall (obtain the radius secret)
sbrsetuptool -identity PRIMARY -secret <secret from manage-secrets listall>

started radius server

intiate replication selected from SC

new replica.ccmpkg created in radius folder now contains correct ip for primary server

Replica was still showing status unknown.
Went on the replica and stopped radius service

sbrsetuptool -identity REPLICA -primary <fqdn primary> <ip primary> <secret from mange-secrets listall>

started radius server

initiate replication from primary SC

Replica now shows "synchronized"

Short fix: cd /opt/rsa/am/radius
./sbrsetuptool -identity PRIMARY            on the Primary

/sbrsetuptool -identity REPLICA             on Replica
Legacy Article IDa64218