000016236 - AM8 web tier shows as offline  but Web tier services are running

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016236
Applies ToAuthentication Manager Version 8 (AM8)
Web Tier deployment
IssueWeb Tier offline , but Web Tier services are running
 
CauseName resolution issues with the AM8 server and/or Web Tier
 
Resolution

This is usually due to name resolution issues, or networking issues such as a misconfigured firewall blocking ports.



On the AM8.x appliance, enable SSH through the Operations Console, if this has not been done already. Connect to the AM8.x server by  SSH:  
login: rsaadmin
password: (the Operating System password supplied during setup)  
sudo su
password (use the password from above)  
Test 1, from the AM8.x Server:   
nslookup       (to the IP address, NOT the name, of the Web Tier server)  
If nslookup returns incorrect name information, this is not acceptable. NSlookup to the IP address needs to either return correct name information, or none at all.   If nslookup  fails to return a name, this MAY be acceptable, provided all hosts file on all AM8 server(s)  are properly configured to include information on all Web Tier servers, and Test 2 passes.  The hosts file needs to be configured as
ipaddress       fqdn       shortname        (all lowercase)
 If nslookup returns incorrect name information, fix Reverse-DNS .  
Test 2 from the AM8.x server:
ping (the FQHname of the Web Tier server)
ping (the short name of the Web Tier server)  
The AM8 Server needs to be able to resolve the IP address of the Web Tier Server, and not have routing issues
Test 3 from the Web Tier server:
nslookup     (to the IP address, NOT the name, of the AM8 server)  
If nslookup returns incorrect name information, this is not acceptable. NSlookup to the IP address needs to either return correct name information, or none at all.   If nslookup  fails to return a name, this MAY be acceptable, provided all hosts file on all Web Tier server(s)  are properly configured to include all AM8 servers, and Test 4 passes.  The hosts file needs to be configured as
ipaddress       fqdn       shortname     (all lowercase)
 If nslookup returns incorrect name information, fix Reverse-DNS .  
Test 4 from the Web Tier server:
ping (the FQHname of the AM8 server)
ping (the short name of the AM8 server)  
The Web Tier Server needs to be able to resolve the IP address of the AM8.x Server, and not have routing issues
Test 5  from the Web Tier server:
See A62748 to verify proper SSL connectivity between the Web Tier and AM8.x servers using OpenSSL .  

Legacy Article IDa63594

Attachments

    Outcomes