000014162 - RSA Authentication Manager 8.0 Patch 7 - Primary Server IP changed and Radius still holding on to the old IP.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000014162
Applies To: RSA Authentication Manager 8.0 Patch 7
RSA Authentication Manager Server had an IP change performed in accordance with the Administration Guide instructions. The IP change had completed successfully.
 
Issue: Attempting to connect a replica Radius server to a primary on which an IP change had completed successfully.
The Replica Radius server fails to synchronize with the Primary Radius Server. The Replica Radius server is reaching out to the old primary IP for the replication package.
 
 Authentication_Manager_Logs/radius/sbrsetuptool.log
Log for SBR Install Utility.
  Install Date:03/05/2013 Install Time:09:26:30

 /opt/rsa/am/radius/sbrsetuptool -path /opt/rsa/am/radius -identity primary -secret ******
INFO: SBR Radius services directory is /opt/rsa/am/radius/
INFO: Host Name am8.pslab.com != DNS Name websites068.homestead.com, Replacing Host Name
INFO: SBR Radius server name is websites068.somehostingname.com
INFO: SBR Radius server IP Address is 209.157.71.122

 INFO: The Radius Server on websites068.homestead.com has been defined as a Primary Radius Server 

If DNS name resolution has an alias or CNAME entry for the Primary, it returns this alias to the primary during Primary RADIUS setup. The primary SBR logs will have both entries:
 INFO: Host Name <CNAME or Alias> != DNS Name <FQDN of Primary>, Replacing Host Name 

cannot determine radius status, cannot determine replication status, can't determine radius status
 
Cause: The Primary Radius Server seems to be holding on to the old IP. The replica.ccmpkg on the primary has the old IP in it. If that file were edited and the new IP put in, it would still change back to the old IP when force replication was initiated and the package updated.
 
Resolution

Access the Primary Radius server.
Stop the Radius server.
From /opt/rsa/am/utils, run ./rsautil manage-secrets -a listall (to obtain the Radius secret).
Run:
sbrsetuptool -identity PRIMARY -secret <secret from manage-secrets listall>
Start the Radius server.
Initiate replication from the SC.
The new replica.ccmpkg created in the radius folder now contains the correct IP for the primary server.

The replica was still showing status unknown. On the replica:
Stop the Radius service.
Run:
sbrsetuptool -identity REPLICA -primary <fqdn primary> <ip primary> <secret from manage-secrets listall>
Start the Radius server.
Initiate replication from the primary SC.
The replica now shows "synchronized".



Short fix:
cd /opt/rsa/am/radius
./sbrsetuptool -identity PRIMARY            (on the Primary)
./sbrsetuptool -identity REPLICA            (on the Replica)
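
One way to check which IP address the RADIUS setup recorded, as an added example that is not part of the original article or RSA's own tooling: the script reads the INFO lines shown in the sbrsetuptool.log excerpt above and compares the last logged address with the expected primary IP. It assumes the log keeps the line format shown in that excerpt; the function names and the sample log contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the IP sbrsetuptool last logged with the expected primary IP.

# Print the last "SBR Radius server IP Address" value found in log file $1.
sbr_logged_ip() {
    sed -n 's/^[[:space:]]*INFO: SBR Radius server IP Address is \([0-9.]*\).*/\1/p' "$1" | tail -n 1
}

# Print "<host name> <DNS name>" from the last "Replacing Host Name" line, if any.
sbr_name_mismatch() {
    sed -n 's/^[[:space:]]*INFO: Host Name \([^ ]*\) != DNS Name \([^ ,]*\), Replacing Host Name.*/\1 \2/p' "$1" | tail -n 1
}

# Return 0 if the logged IP equals $2, 1 if it differs (stale), 2 if no IP line exists.
check_sbr_ip() {
    logged=$(sbr_logged_ip "$1")
    if [ -z "$logged" ]; then
        echo "UNKNOWN: no IP address line in $1"; return 2
    fi
    names=$(sbr_name_mismatch "$1")
    if [ -n "$names" ]; then
        echo "NOTE: host name replaced by DNS name (alias or CNAME in play): $names"
    fi
    if [ "$logged" = "$2" ]; then
        echo "OK: RADIUS setup recorded $logged"; return 0
    fi
    echo "STALE: RADIUS setup recorded $logged, expected $2"; return 1
}

# Constructed sample log (documentation addresses and names, not real output).
write_sample_log() {
    cat > "$1" <<'EOF'
INFO: SBR Radius services directory is /opt/rsa/am/radius/
INFO: Host Name alias.example.com != DNS Name am-primary.example.com, Replacing Host Name
INFO: SBR Radius server name is am-primary.example.com
INFO: SBR Radius server IP Address is 192.0.2.10
EOF
}

if [ "$#" -eq 2 ]; then
    check_sbr_ip "$1" "$2"            # real use: <path to sbrsetuptool.log> <new primary IP>
else
    demo=$(mktemp) && write_sample_log "$demo"
    check_sbr_ip "$demo" 192.0.2.20 || true   # constructed case: log still holds the old IP
    rm -f "$demo"
fi
```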
 
Legacy Article ID: a64218
