000014723 - AM8 web tier shows as offline or pending connection

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2
Article Number: 000014723
Applies To: Red Hat Enterprise Linux, RHEL, RHEL4, RHEL5
Issue:
AM8 web tier shows as offline.
The customer is sure the web tier server is online.
AM8 web tier shows as "Pending Connection".
Cause: A communication problem with the web tier server. This is usually due to name resolution issues, or a networking problem such as a firewall blocking a port.
Resolution: First, verify that the AM8 virtual appliance is listening on port 7022, using the built-in openssl utility. Use the syntax:
openssl s_client -connect (the name or IP of the AM8 server):7022
You should get a response that looks similar to:
am8pri:/home/rsaadmin # openssl s_client -connect am8p.vcloud.local:7022
depth=1 /CN=RSA root CA for am8pri.vcloud.local/serialNumber=2ebf8701ad9568c2f7815ca3f23f6a13547954d735f80d980b66f9a7d3b6292e
verify error:num=19:self signed certificate in certificate chain
verify return:0
23421:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1094:SSL alert number 42
23421:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Once this is done, test connectivity from the Web Tier to the server. If the Web Tier is on Red Hat Linux, use the built-in openssl utility in the same way as on the AM8 appliance.
If the Web Tier server is installed on Win2008, get the open-source openssl utility. A less useful alternative is to install and use the telnet client, but this only shows whether a connection can be made to 'something' on port 7022. It does not show any SSL information, which can be misleading.
An example of the Web Tier port 7022 being blocked by a firewall or networking issue:
openssl s_client -connect primary.company.com:7022
Loading 'screen' into random state - done
connect: No such file or directory

An example of the Primary not listening on the Web Tier port, or a misconfigured firewall accepting the connection but not processing it correctly:
openssl s_client -connect primary.company.com:7022
connect: Connection refused

Other examples of the different numbers for connect:errno=x are available on the internet.
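
The checks above can be scripted. The following is an added example, not RSA's code: it sorts openssl s_client output into the three cases shown in this article and checks name resolution before probing the port. The function names and verdict words are hypothetical, and it assumes getent (glibc) and openssl are on the PATH.

```sh
#!/bin/sh
# Added example (not RSA's code): sort `openssl s_client` output for port 7022
# into the cases shown in this article. Function names are hypothetical.

# Read s_client output on stdin and print one verdict word.
classify_s_client() {
    out=$(cat)
    case "$out" in
        *"Connection refused"*)
            echo refused ;;      # not listening, or a misconfigured firewall
        *"verify return:"*|*"SSL routines"*)
            echo tls_reached ;;  # a TLS service answered, alert lines included
        *"connect:"*)
            echo blocked ;;      # no connection: firewall or networking issue
        *)
            echo unknown ;;
    esac
}

# Live check: name resolution first, then the TLS probe.
# Assumes getent (glibc) and openssl are on PATH.
check_webtier_port() {
    host=$1
    port=${2:-7022}
    if ! getent ahosts "$host" >/dev/null 2>&1; then
        echo name_resolution
        return 0
    fi
    # </dev/null closes the session once the handshake attempt finishes.
    openssl s_client -connect "$host:$port" </dev/null 2>&1 | classify_s_client
}

# Sample outputs copied from this article (shortened).
SAMPLE_LISTENING='verify error:num=19:self signed certificate in certificate chain
verify return:0
23421:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1094:SSL alert number 42'
SAMPLE_BLOCKED="Loading 'screen' into random state - done
connect: No such file or directory"
SAMPLE_REFUSED='connect: Connection refused'

# Offline demonstration: classify the three samples.
for s in "$SAMPLE_LISTENING" "$SAMPLE_BLOCKED" "$SAMPLE_REFUSED"; do
    printf '%s\n' "$s" | classify_s_client
done
```

To test a real server, call check_webtier_port with the name or IP of the AM8 server; a blocked port can take until the TCP timeout to return.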
Notes: Also see A63594 for name resolution issues.
Legacy Article ID: a62748