000033091 - In RSA Authentication Manager 8.1, the identity source failover server does not take over if the primary directory server is unavailable

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033091
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
O/S Version: SUSE Linux 10
 
Issue
  • The identity source failover server does not take over if the primary directory server is unavailable when Active Directory servers are configured as external identity source(s).
  • The identity source failover directory server does not take over looking up users if the primary directory is unavailable.
  • The Test connection succeeds for the directory server failover URL, but the Authentication Manager server does not try to contact the failover directory server unless the identity source connections are switched between the primary and failover directory server URLs.
CauseIf the primary Domain Controller is not online, sometimes it fails to connect to the failover Domain Controller due to timeout.
ResolutionThis issue has been reported in defect AM-29555.  It has been resolved in Authentication Manager 8.1 SP1 patch 13. Please use this link to download Authentication Manager 8.1 SP1 patch 13 or later.  
NotesBe sure to review the patch installation readme and apply the patch to the primary instance before applying the patch to the replica instances.
Also, if you have a replicated environment, all replica instances must be running and replicating successfully when you apply the patch to the primary or replica instances. All instances must be able to communicate while the patch is applied.

Attachments

    Outcomes