000032862 - RADIUS replication error after importing a migration package to primary with a new IP address in RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032862
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0/8.1
Platform: SUSE Linux Enterprise
O/S Version: SUSE Linux 11 SP3
Product Description: RSA SecurID Appliance
IssueWhen you import to the production environment, you can update version 8.1 with the latest data from version 7.1 and retain the system settings and deployment topology of version 8.1. 
This option preserves the overall setup that you tested, and you import data that was updated on version 7.1 during the testing period, such as user and token data.
If a primary IP Address was updated, and AM7.1 migration package was imported, then RADIUS Replication fails with an error:
“Initiating Data Transfer”

Critical Notification Event generates as below:
The following critical system event occurred:
RADIUS replication failed. RADIUS replica am81r1.vcloud.local did not acknowledge a replication attempt.

CauseThere is a bug in update scripts missing steps to update RADIUS components correctly on replica instance where Save 'Update Primary Hostname' step was completed after primary IP Address was modified.
WorkaroundMake sure steps followed to update Primary IP address on replica(s):
1. Install 8.1 SP1 Standalone
2. Import Migration Package from 7.1
3. Add a Replica server
4. Confirm replication is healthy (both AM and RADIUS)
5. Change Primary IP address (Operations Console > Administration > Network > Appliance Network Settings)
6. On the Replica, manually modify '/etc/hosts':
Operations Console > Administration > Network > Hosts File
6. Manually modify '/etc/hosts' on both Primary and Replica to have the correct entries (add missing entries, correct Primary IP address etc.)
Operations Console > Administration > Network > Update Primary Hostname
Note: The Primary IP should be correct and 'Test Connection' should be successful
8. Click Save
Note: This among other things configures RADIUS. At this point both AM and RADIUS Replication should be healthy
For subsequent migration import (retaining system setting) scenario:
9. Perform another 7.1 migration but this time select 'Retain system settings and the deployment topology during import.'
10. When finished, on the Replica Go to:
Operations Console > Administration > Network >Update Primary Hostname
Note: The Primary IP should be correct and 'Test Connection' should be successful
11. Click Save
Note: At this point Radius replication should be broken and Initiate replication on the Primary won't be able to resolve the issue.
12. Configuring RADIUS again running the command on both Primary and Replica.
      rsaadmin@am81p:~>cd /opt/rsa/am/config/
      /opt/rsa/am/config> ./config.sh RadiusOCConfig.configure 
13. Then restart RADIUS services on respective instances. You may require click Initiate Replication in some cases.
      rsaadmin@am81p:~>cd /opt/rsa/am/server/
      /opt/rsa/am/server> ./rsaserv restart radius