000013791 - 7.1: Unable to promote a replica radius server to be a primary using disaster recover method

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013791
Applies ToAuthentication Manager 7.1
Radius
IssueUnable to promote a replica radius server to be a primary using disaster recover method
Error message when trying to promote the replica radius server, "Sorry, your request cannot be processed at this time.  There was a problem processing your request  An unknown system error occurred"
CauseThere are two methods for promotion of a replica Radius to be a primary.  If the primary Authentication Manager is up you can just log onto the Primary's Authentication Manager Operations Console and manage RADIUS replica and select promote.  If the primary server is not available (disaster recovery option) you will need to promote an Authentication Manager replica server to be the primary first, then promote the RADIUS server through the newly promoted primary's Operations console.  The instructions in the install guide starting on page 221 do work, but there are a couple of things that may have been overlooked.  Please follow the instructions below:
Resolution

1. Promote the Authentication Manager replica to be a primary by logging into the RSA Operation Console and choosing Promote

2. On the new Primary cd to RSA Security\RSA Authentication Manager\radiusoc\utils and run "rsautil manage-secrets -a set com.rsa.radius.oc.cert.cn.1 NewPrimary.domain.com"
3. Verify the setting took by running "rsautil manage-secrets -a get com.rsa.radius.oc.cert.cn.1"
4. Restart all RSA services on server (new primary)

5. Make sure the Local Radius admins password matches that in the Authentication Manager. To do this find the RADIUS user by right-clicking on My Computer > Manage > Local Users, then go into Authentication Manager Security Console --> RADIUS --> RADIUS Servers --> select the replica --> edit. You will see the username under RADIUS Admin User Name. Change the local user password and the password on this page so that they match, then hit save.

6. Logon to the RSA Operation Console and choose Deployment Configuration --> RADIUS --> Manage existing, then choose the replica and select Promote Replica to become new Primary.

NotesThis process will not work if your run the rsautil command from RSA Authentication Manager\utils.  You need to be in radiusoc\utils.
Legacy Article IDa42841

Attachments

    Outcomes