|Applies To||RSA Authentication Manager 8.0|
|Issue||Verify that the required ports are open on primary and replica servers|
Cannot attach replica server
Cannot authenticate to one or more servers
RADIUS authentication fails
RADIUS replication fails
Cannot access Security, Operations or Self Service console
Replication is failing
Offline days files are not being updated
Auto registration fails
|Cause||Firewall is blocking ports|
iptables have been changed
Name resolution is incorrect
Network configuration or hardware problems
1. Establish an SSH session to the appliance you wish to run the test from.
2. Enter the following command, where <FQDN> is the fully qualified domain name of the system whose ports you want to test and <PORT> is one of the following port numbers (test each of these):
   a. openssl s_client -connect <FQDN>:<PORT>
   b. Ports to test: 5500, 5550, 7004, 7072, 1812, 1813 (sometimes 5580)
3. You should see a "CONNECTED" message. You may or may not see a "handshake failure" as well as additional connection information. All of this can be ignored, as we are only interested in the "CONNECTED" portion of the message.
4. If the port is blocked, you will see a "Connection refused" message.
5. To cancel a connection, press <Ctrl><C>.
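The procedure above can be run against every listed port in one pass. The script below is an added example, not RSA-supplied code: it wraps the same openssl command and reports each port as open, refused, or no-response (nothing came back within the time limit, for example when packets are silently dropped or the name does not resolve). The function names, the 10-second limit and the availability of the coreutils `timeout` command on the appliance are assumptions.

```shell
#!/bin/bash
# Ports from the article; 5580 is included because it is "sometimes" needed.
PORTS="5500 5550 7004 7072 1812 1813 5580"

# classify_output TEXT -> prints open | refused | no-response
# "CONNECTED" is checked first: per the article, a handshake failure
# after CONNECTED can be ignored, the port is still reachable.
classify_output() {
    case "$1" in
        *CONNECTED*)            echo open ;;
        *"Connection refused"*) echo refused ;;
        *)                      echo no-response ;;
    esac
}

# check_port FQDN PORT: run the article's command with a time limit.
# stdin is closed so s_client exits once the connection attempt is done.
# Note that s_client only makes TCP connections.
check_port() {
    local out
    out=$(timeout 10 openssl s_client -connect "$1:$2" </dev/null 2>&1) || true
    classify_output "$out"
}

# check_host FQDN: test every port; returns 1 if any port is not open.
check_host() {
    local fqdn=$1 port state failed=0
    for port in $PORTS; do
        state=$(check_port "$fqdn" "$port")
        printf '%-30s %-6s %s\n' "$fqdn" "$port" "$state"
        [ "$state" = open ] || failed=1
    done
    return $failed
}

# Usage: ./check_ports.sh <FQDN>
if [ $# -ge 1 ]; then
    check_host "$1"
fi
```

Run it from the primary against each replica and from each replica against the primary, since a firewall rule may block only one direction.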
If a port is blocked it may be due to one of several reasons. The most common are likely to be:
- Hardware firewall between the systems
- iptables have been modified
- Name resolution is not correct
- Router problems
Problems that can be caused by a blocked port include, but are not limited to:
- Cannot attach a replica server
- Cannot authenticate to one or more servers
- SecurID native authentication works but RADIUS authentication fails
- Web Tier connection fails
- Cannot access Security Console, Operations Console or Self Service Console
- Replication is failing
- Offline authentication (5580) day files are not being updated
- Auto registration fails
For more information on using ssh to connect to the server, please see the Authentication Administrator's Guide.
For more information on which ports are used, please see the Authentication Manager Setup & Configuration Guide.
For additional information, please see a55632.
|Legacy Article ID||a62610|