|Applies To||RSA ACE/Server 5.0 (no longer supported as of 8-15-2004)|
RSA ACE/Agent 5.0
Sun Solaris 2.6
Microsoft Windows NT 4.0
|Issue||10% of authentications fail when a Replica is switched off and name locking (SD_Lock) is used|
An environment is set up to test authentication against the ACE/Server using an application written with RSA ACE/Agent 5.0 API. The agent is configured to use name locking.
When one of the ACE/Server Replicas is stopped, to test 'fail-over', the Agent authentication fails with 'Access Denied.'
No logs are created on the Primary ACE/Server
|Cause||On earlier versions of RSA ACE/Agent API, the SD_LOCK function would not work correctly. When the Agent contacts an ACE Replica that is down, the agent records the Replica's status in a file called sdstatus.12 to stop it from contacting that host again. In this instance, the file was not being updated, which caused the Agent to repeatedly contact the 'downed' host. As name locking is enabled, no other Replicas/Master will respond.|
|Resolution||This problem is reported in the early releases of the RSA ACE/Agent API, issued to our Partners for compatibility testing of their Third Party Products. The problem has been resolved in build 623 of the RSA ACE/Agent API. Anyone who believes they have an earlier version should upgrade to the current release available from RSA Security.|
|Legacy Article ID||a5220|