|Applies To||RSA Authentication Manager 8.x, AM 8, AM 8.0, AM 8.0.7, AM 8.1, AM 8.1.0, AM 8.x, AM 8.1.1|
|Issue||With RADIUS authentication requests, the Real Time Authentication Monitor may show no entry for several reasons, so check the RADIUS Client statistics to look for Rejects in AM 7.1, 8.0 and 8.1, or silent discards in AM 6.1 (see KB a53250)|
Authentication request are silently discarded or dropped, with nothing in the Real Time Authentication Monitor or Authentication Activity Report.
TCPDUMP or WireShark or Sniffer network packet capture shows Authentication Requests on UDP port 5500, but no replies coming back out of the AM server.
See KB a63468 for instructions on TCPDUMP in AM 8.x, basically sudo su -
Proof of a silent discard will be seen in /opt/rsa/am/server/logs/imsTrace.log
If Logging is set to verbose, Source IP address of unknown agent will be listed in error like this:
|Cause||A silent discard is a dropped authentication request with no entry in the Real Time Authentication Monitor or Authentication Activity Report. In AM 8, unknown authentication agents werel be silently discarded. This is still true as of Q1 2014 with AM 8.0.7 and AM 8.1.0, but may change in the future.|
Silent discard can also occur when the AM 8.x Server does a reverse name lookup nslookup <ip address> of the Agent IP address and a name different from the configured agent name (including no name) is returned from DNS or /etc/hosts - This should be fixed in AM 8.0 P8.
|Resolution||If no authentication agent exists - create one.|
If agent exists but you still get silent discards, verify that:
1. The IP address is correct
2. Agent is not disabled
3. Agent Name is spelled correctly - compare with reverse DNS lookup of IP, if nslookup <IP_address> returns a name different then you have in Authentication Agent, either fix name resolution or change the name in the Security Console
4. You may need to delete and re-create the Authentication Agent
If this is a RADIUS client, you may need to regenerate the node secret for the RADIUS Server entry, or the RADIUS Client's associated Agent host. RADIUS silent discards can be seen in RADIUS client statistics.
|Legacy Article ID||a64464|