000013469 - All Authentications fail  no errors or messages shows in realtime authentication monitor ( evaluation license )

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013469
Applies ToAuthentication Manager 8
IssueAll Authentications fail, no errors or messages shows in realtime authentication monitor
check using :
netstat  -an  |  grep  5500 
The port for securid  5500/udp  is not listening. The port 5500/tcp may or may not be listening .   The 5500/udp port may not stop listening immediately on the license expiration, but if services are restarted with an expired license, this port will not be listening.
CauseAn evaluation license has expired, or a system did have an evaluation license in the recent past.
A license violation has occurred, possibly from having more users with tokens than are allowed by the active user limit
ResolutionIf the license has expired, get an updated evaluation license with a newer expiration date, or new full permanent Production license.  You will need to uninstall the old expired license through the Security Console,
 before importing the new license.
If a license violation has occurred, address the violation, this may require reducing the number of active users below the limit, or increasing the number of active users allowed by the license, or reducing the number of active users below the limit.
Once the license issue has been addressed, the RSA Services need to be restarted to enable authentication. A few ways of doing this:
1. Apply the latest AM patch through the Operations Console, this will also apply security and bug fixes.
2. Reboot the appliance through the Operations Console
3. if you have console or SSH access , login with the rsaadmin account.  Restart services with:
  cd  /opt/rsa/am/server
 ./rsaserv restart all

NotesAuthentication Manager AM8.1 can use a AM8.0 license . AM8.0 can NOT use a AM8.1 license, and it takes significant additional time to order the older AM8.0 license.  If you are only able to get a AM8.1  license for a AM8.0 system,
use the AM8.0 > AM8.1 Upgrade Patch on ALL AM8.0 systems , preferably before removing the old license.  Also, apply the latest AM8.1 Service Pack and  patch to the upgraded systems.
If you try to use a Production license without uninstalling the Evaluation license, you may get an error:
"The customer account identifier in the license does not match that stored in the system"
Legacy Article IDa63552