000015774 - Using openssl as a substitute for telnet on RSA Authentication Manager 8.0

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000015774
Applies To: RSA Authentication Manager 8.0
telnet openssl
Issue:
Verify that the required ports are open on primary and replica servers
Cannot attach replica server
Cannot authenticate to one or more servers
RADIUS authentication fails
RADIUS replication fails
Cannot access Security, Operations or Self Service console
Replication is failing
Offline days files are not being updated
Auto registration fails
Cause:
Firewall is blocking ports
iptables have been changed
Name resolution is incorrect
Network configuration or hardware problems

1.       Establish an ssh session to the appliance you wish to run the test from

2.       Enter the following commands where <FQDN> is the fully qualified domain name for the system whose ports you want to test and <PORT> is one of the following port numbers (test each of these):

a.       openssl s_client -connect <FQDN>:<PORT>

b.      Ports to test: 5500, 5550, 7004, 7072, 1812, 1813 (sometimes 5580)

3.       You should see a "CONNECTED" message.  You may or may not see a "handshake failure" as well as additional connection information.  All of this can be ignored as we are only interested in the "CONNECTED" portion of the message.

4.       If the port is blocked you will see a "Connection refused" message.

5.       To cancel a connection, press <Ctrl><C>.
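
The script below is an added example, not part of the RSA article or RSA tooling: it runs the same openssl s_client test over the article's port list and reports one result per port. The function names, the 10-second wait and the use of the coreutils timeout command are assumptions.

```shell
#!/bin/sh
# Added example: repeat the article's "openssl s_client -connect" test
# for every listed port. Usage: sh portcheck.sh <FQDN>
# s_client opens a TCP connection, so this says nothing about UDP listeners.

PORTS="5500 5550 7004 7072 1812 1813 5580"   # port list from the article
WAIT=10                                      # seconds per probe (assumed value)

# Turn captured s_client output into a verdict, using the two messages
# the article tells you to look for.
classify() {
    case "$1" in
        *CONNECTED*)            echo open ;;     # TCP connect succeeded
        *"Connection refused"*) echo refused ;;  # port closed or rejected
        *)                      echo unknown ;;  # e.g. name resolution error
    esac
}

# Probe one host:port. Reading stdin from /dev/null lets s_client exit on
# its own instead of waiting for Ctrl-C; "timeout" ends a probe that hangs.
probe() {
    out=$(timeout "$WAIT" openssl s_client -connect "$1:$2" </dev/null 2>&1)
    rc=$?
    verdict=$(classify "$out")
    # timeout exits 124 when it had to stop the command: no answer in WAIT
    # seconds, which is what silently dropped packets look like.
    if [ "$verdict" = unknown ] && [ "$rc" -eq 124 ]; then
        verdict=timeout
    fi
    echo "$verdict"
}

# Run the sweep only when a host name is given on the command line.
if [ "$#" -ge 1 ]; then
    failed=0
    for port in $PORTS; do
        result=$(probe "$1" "$port")
        printf '%s:%s %s\n' "$1" "$port" "$result"
        [ "$result" = open ] || failed=1
    done
    exit "$failed"
fi
```

A handshake failure after CONNECTED still counts as open, as in step 3.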

If a port is blocked it may be due to one of several reasons.  The most common are likely to be:

•         Hardware firewall between the systems

•         iptables have been modified

•         Name resolution is not correct

•         Router problems

Problems that can be caused by a blocked port include, but are not limited to:

•         Cannot attach a replica server

•         Cannot authenticate to one or more servers

•         SecurID native authentication works but RADIUS authentication fails

-    Web Tier connection fails

•         Cannot access Security Console, Operations Console or Self Service Console

•         Replication is failing

•         Offline authentication (5580) day files are not being updated

•         Auto registration fails


For more information on using ssh to connect to the server, please see the Authentication Administrator's Guide.

For more information on which ports are used, please see the Authentication Manager Setup & Configuration Guide.

For additional information, please see a55632.

Legacy Article ID: a62610