000023002 - Replication not working for RSA Authentication Manager 6.1 running on Red Hat Linux ES 3.0

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023002
Applies ToRSA Authentication Manager 6.1
Red Hat Linux ES 3.0
Installing Replica Server
IssueReplication not working for RSA Authentication Manager 6.1 running on Red Hat Linux ES 3.0
RSA Authentication Manager replica installs correctly but never contacts primary and never replicates new data
Nothing appears in RSA Authentication Manager primary's Log Monitor indicating that the replica is attempting to connect
tcpdump output shows: "08:22:11.432836 replicahostname > primaryhostname: icmp: host primaryhostname unreachable - admin prohibited [tos 0xc0]"
CauseDuring the install process of Red Hat Linux, you are asked if you wish to enable the firewall (iptables) - the default option is to turn it on. If you keep this option and do not configure the firewall any further, the firewall will block replication attempts.
ResolutionTo verify that iptables is not blocking replication attempts, turn off the firewall temporarily by running "/etc/init.d/iptables stop" on both the RSA Authentication Manager primary and replica, then restart Authentication Manager on the replica. If this resolves the problem, then either disable the firewall completely, or configure it in such a way that allows Replication. The replica will need to connect to the primary on the primary's Replication Port, and the primary will need to connect to the replica on the Replica's Replication Port. These ports numbers can be found by running "ACE/prog/sdrepmgmt list" on the primary. Also, both servers will need to be able to connect to each other on the sdlockmgr port (default 5560/tcp). Please see Red Hat's documentation on exactly how to configure iptables.
Legacy Article IDa29089

Attachments

    Outcomes