000017449 - Authentication fails and nothing appears in the RSA Authentication Manager 8.1 Authentication Activity Monitor

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000017449
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition: 8.1, 8.0
  • Authentication fails from the RSA agent and nothing appears on Authentication Activity Monitor in Authentication Manager 8.1 or 8.0.
  • Authentication Manager does not log authentication requests in the Authentication Activity Monitor from a misconfigured agent.
CauseIf a request is coming from an IP address which is not defined in the Authentication Manager Security Console as an authentication agent (also known as an agent host), nothing appears on Authentication Activity Monitor.
ResolutionThis issue has been reported in defect AM-27848 and it is resolved in Authentication Manager 8.1 patch 4.
  1. Login to the Security Console.
  2. Navigate to Setup > System Settings > Logging > Select the primary server.
  3. Change the log level to Verbose for trace.log.
  4. Save the change.
  5. Perform one authentication.
  6. Collect the /opt/rsa/am/server/logs/imsTrace.log from the primary.
  7. Search for the text Agent Not Found and you will notice the message Agent Not Found followed by the IP address used for sending the request.  As an example,
Error: "2013-12-17 13:16:23,362, [AgentProtocolServer Core Thread #1], (AbstractAuthRequestHandler.java:155), 
trace.com.rsa.authmgr.internal.protocol.ace.AbstractAuthRequestHandler, DEBUG, lada-am193.emc.com,,,,Agent not found.  Processing aborted.
com.rsa.authmgr.internal.protocol.ace.AgentNotFoundException: Agent Not Found:"

  1. Navigate to Access > Authentication Agent > Manage Existing.
  2. Click on the arrow next to the agent listed in the imsTrace.log and choose View.  
  3. Confirm that the agent's IP address is the same as what is in the log file.  
  4. Make changes, if necessary.
  5. Open the real time authentication activity montior (Reporting > Real Time Activity Monitors > Authentication Activity Monitor) and click Start.
  6. Test again to see if anything shows in the log.
Legacy Article IDa66084