000031807 - How to properly utilize Citix Netscaler load balancer to work with the RSA Authentication Manager 8.1 SP1 Web Tier

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 24, 2018
Version 6Show Document
  • View in full screen mode

Article Content

Article Number000031807
Applies ToRSA Product Set: SecurID 
RSA Product/Service Type: Authentication Manager Web Tier
RSA Version/Condition: 8.1 Service Pack 1 Patch 2 (8.1.2)
IssueWhen connecting to or more Web Tiers with the Citrix NetScaler load balancer, the error message below is displayed:

Unable to process the request
CauseThe is normally due to a misconfiguration on the load balancer itself; such as one of the examples below:
  1. The session is not set to round robin,
  2. The session is not preserved as source IP,
  3. The protocol used is set to SSL.
ResolutionTo resolve the issue, ensure the following settings:
  1. Make sure the proper ports are open, as per the RSA Authentication Manager 8.1 Setup and Configuration Guide.
  2. Make sure that sessions between Web Tiers are set to round robin.
  3. Make sure the session is set to Source IP (that is, sticky session).
  4. Make sure the protocol used is set to SSL_TCP.
WorkaroundAs a quick exclusion of any issue from the Web Tier side:
  1. Set the virtual hostname to one of the Web Tier's hostname and/or IP.
  2. Shut down the other Web Tier.
  3. Enable one web tier and remove the load balancer from the equation.
  4. If Self-Service worked properly, then the issue is a load balancer misconfiguration.