000025951 - AM 6.1 How to restore ability to manage RSA RADIUS Server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025951
Applies ToRSA Authentication Manager 6.1
RSA RADIUS Server 6.1 Powered by Funk Steel-Belted RADIUS
IssueHow to restore ability to manage RSA RADIUS Server
RADIUS Administrative Client failed to connect to the RSA RADIUS Server.    option is used is selected from the RSA Authentication Manager Host Mode interface
Error: "RADIUS Administrative Client failed to connect to the RSA RADIUS Server." when trying to manage Primary RSA RADIUS Server
RADIUS Server may still be operating and authenticating but cannot be managed
Resolution

AM 6.1To correct this issue, follow these steps:
- Stop the RADIUS Server. Clear the Node Secret for the Agent Host entry for the RADIUS Server.
- Optional: Start the Log monitor to verify a new node secret is generated and sent to the agent host
- Run the RSAInstallTool from a command prompt (located by default in the C:\Program Files\RSA Security\RSA Radius\Service\ directory) using the following syntax:
    RsaInstallTool.exe -identity PRIMARY
If the Log Monitor is running, you should receive 2 messages:
- Node Secret generated by Server
- Node Secret sent to agent host
- Restart RSA RADIUS Server. Test an authentication, and test Manage RADIUS Server.
For more information, refer to the solution regarding Error: 'Unknown Error executing RADIUS Administrative Client' appears when 'Manage RADIUS Server' option is used is selected from the RSA Authentication Manager Host Mode interface
NOTE: This has only been tested in an environment with a single Primary RADIUS Server running on the Primary RSA Authentication Manager 6.1 host. However, this also worked in an environment with a Replica RADIUS Server, although the Primary is the one that had the problem.


On UNIX (and Linux) the command is slightly different but will work the same way and is ./rsaconfiguretool -identity PRIMARY.

Legacy Article IDa30522

Attachments

    Outcomes