000028039 - Installing Authentication Manager 7.1 SP2 : RADIUS Server cannot be managed

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028039
Applies ToMicrosoft Windows 2003 and above
Authentication Manager 7.1 SP2
IssueInstalling Authentication Manager 7.1 SP2 : RADIUS Server cannot be managed
no RADIUS Servers are offered to be managed
No Result found when browsing Primary Security Console ---> RADIUS
config.out and config_trace.log do not reveal any installation or configuration issues; RADIUS is said to be both installed and configured

the <date>.log files under <RSA_HOME>\radius\service show the following

11/17/2009 14:47:42 Version: v6.10.4280
11/17/2009 14:47:43 No administrative users found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
11/17/2009 14:47:43 No administrative groups found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
11/17/2009 14:47:43 Auto-configuring server IPv4 addresses
11/17/2009 14:47:43 Configured server IP address: xxx.xxx.xxx.xxx
11/17/2009 14:48:55 Successfully restored dictionary information from saved dict file
11/17/2009 14:48:56 Evaluation period will expire on 2009-12-17
11/17/2009 14:48:56 Licensed for Enterprise Edition
11/17/2009 14:48:56 Radius Administration Server Initialization Complete
11/17/2009 14:48:56 Initialized Radius socket address 10.120.209.100 port 1646 (receive buffer size 8192 bytes)
11/17/2009 14:48:56 Initialized Radius socket address 10.120.209.100 port 1645 (receive buffer size 8192 bytes)
11/17/2009 14:48:56 Initialized Radius socket address 10.120.209.100 port 1813 (receive buffer size 8192 bytes)
11/17/2009 14:48:56 Initialized Radius socket address 10.120.209.100 port 1812 (receive buffer size 8192 bytes)
11/17/2009 14:48:59 Radius Accounting Server started ...
11/17/2009 14:48:59 Initialized peapauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\peapauth.aut
11/17/2009 14:49:01 Initialized ttlsauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ttlsauth.aut
11/17/2009 14:49:02 Initialized winauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\winauth.aut
11/17/2009 14:49:04 SecurID authentication method disabled because 'sdconf.rec' file not present
11/17/2009 14:49:04 SharedSecret or TargetHost specification missing in tacplus.ini file
11/17/2009 14:49:04 insidetrack cookie not present.
11/17/2009 14:49:04 EAP-PEAP: Unable to load server certificate and private key - file C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ROOT\server_certificate.pfx not found
11/17/2009 14:49:04 insidetrack cookie not present.
11/17/2009 14:49:04 EAP-TTLS: Unable to load server certificate and private key - file C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ROOT\server_certificate.pfx not found
11/17/2009 14:49:04 Windows Domain authentication enabled
11/17/2009 14:49:04 Radius Authentication Server started ...
11/17/2009 14:49:05 Starting DCF system
11/17/2009 14:50:09 Windows Domain Users provider started in 38 seconds
11/17/2009 14:50:11 Server Certificate SHA1 Fingerprint: A7:33:2E:99:7A:77:AB:00:81:B1:EA:2F:64:80:5A:A6:9D:38:AE:D5
11/17/2009 14:50:11 DCF system started
11/17/2009 14:50:11 Steel-Belted Radius is operational.

 

Once the sdconf.rec is provided and the RADIUS Server restarted we see:

 

11/17/2009 19:35:17 Version: v6.10.4280
11/17/2009 19:35:17 No administrative groups found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
11/17/2009 19:35:17 Auto-configuring server IPv4 addresses
11/17/2009 19:35:17 Configured server IP address: 10.120.209.100
11/17/2009 19:35:19 Successfully restored dictionary information from saved dict file
11/17/2009 19:35:19 Evaluation period will expire on 2009-12-17
11/17/2009 19:35:19
Licensed for Enterprise Edition
11/17/2009 19:35:19 Radius Administration Server Initialization Complete
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1646 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1813 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1645 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1812 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Radius Accounting Server started ...
11/17/2009 19:35:20 Initialized peapauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\peapauth.aut
11/17/2009 19:35:20 Initialized ttlsauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ttlsauth.aut
11/17/2009 19:35:20 Initialized winauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\winauth.aut
11/17/2009 19:35:20 SecurID authentication enabled
11/17/2009 19:35:20 SharedSecret or TargetHost specification missing in tacplus.ini file
11/17/2009 19:35:20 insidetrack cookie not present.
11/17/2009 19:35:20 EAP-PEAP: Successfully registered EAP authentication module
11/17/2009 19:35:20 insidetrack cookie not present.
11/17/2009 19:35:20 EAP-TTLS: Successfully registered EAP authentication module
11/17/2009 19:35:20 Windows Domain authentication enabled
11/17/2009 19:35:20 Radius Authentication Server started ...
11/17/2009 19:35:20 Starting DCF system
11/17/2009 19:35:54 Windows Domain Users provider started in 33 seconds
11/17/2009 19:35:55 Server Certificate SHA1 Fingerprint: C2:5C:20:02:84:3E:42:A9:77:50:36:E0:D8:D7:C0:74:BA:74:CA:F4
11/17/2009 19:35:55 DCF system started
11/17/2009 19:35:55 Steel-Belted Radius is operational.

But the problem remains

 


Running the repair of the RSA RADIUS Server 7.1 using Add/Remove Programs actually fixes the issue and the RADIUS Server can be managed and configured.

However the following problem remains:

/17/2009 19:35:17 Version: v6.10.4280
11/17/2009 19:35:17 No administrative groups found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
11/17/2009 19:35:17 Auto-configuring server IPv4 addresses
11/17/2009 19:35:17 Configured server IP address: 10.120.209.100
11/17/2009 19:35:19 Successfully restored dictionary information from saved dict file
11/17/2009 19:35:19 Evaluation period will expire on 2009-12-17
11/17/2009 19:35:19
Licensed for Enterprise Edition
11/17/2009 19:35:19 Radius Administration Server Initialization Complete
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1646 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1813 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1645 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Initialized Radius socket address 10.120.209.100 port 1812 (receive buffer size 8192 bytes)
11/17/2009 19:35:19 Radius Accounting Server started ...
11/17/2009 19:35:20 Initialized peapauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\peapauth.aut
11/17/2009 19:35:20 Initialized ttlsauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ttlsauth.aut
11/17/2009 19:35:20 Initialized winauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\winauth.aut
11/17/2009 19:35:20 SecurID authentication enabled
11/17/2009 19:35:20 SharedSecret or TargetHost specification missing in tacplus.ini file
11/17/2009 19:35:20 insidetrack cookie not present.
11/17/2009 19:35:20 EAP-PEAP: Successfully registered EAP authentication module
11/17/2009 19:35:20 insidetrack cookie not present.
11/17/2009 19:35:20 EAP-TTLS: Successfully registered EAP authentication module
11/17/2009 19:35:20 Windows Domain authentication enabled
11/17/2009 19:35:20 Radius Authentication Server started ...
11/17/2009 19:35:20 Starting DCF system
11/17/2009 19:35:54 Windows Domain Users provider started in 33 seconds
11/17/2009 19:35:55 Server Certificate SHA1 Fingerprint: C2:5C:20:02:84:3E:42:A9:77:50:36:E0:D8:D7:C0:74:BA:74:CA:F4
11/17/2009 19:35:55 DCF system started
11/17/2009 19:35:55 Steel-Belted Radius is operational.

What should be seen is:

10/30/2009 08:56:05 Version: v6.10.4280
10/30/2009 08:56:05 No administrative users found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
10/30/2009 08:56:05 No administrative groups found in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\access.ini
10/30/2009 08:56:05 Auto-configuring server IPv4 addresses
10/30/2009 08:56:05 Configured server IP address: xxx.xxx.xxx.xxx
10/30/2009 08:56:06 Successfully restored dictionary information from saved dict file
10/30/2009 08:56:06
10/30/2009 08:56:06 RSA RADIUS -- Powered by Steel-Belted Radius licenses
10/30/2009 08:56:06 license string                  additional info
10/30/2009 08:56:06 1605 0000 1100 0097 6431 2154   full license
10/30/2009 08:56:06
10/30/2009 08:56:06 Licensed for RSA RADIUS Server
10/30/2009 08:56:07 Radius Administration Server Initialization Complete
10/30/2009 08:56:07 Initialized Radius socket address 10.148.129.32 port 1646 (receive buffer size 8192 bytes)
10/30/2009 08:56:07 Initialized Radius socket address 10.148.129.32 port 1813 (receive buffer size 8192 bytes)
10/30/2009 08:56:07 Initialized Radius socket address 10.148.129.32 port 1645 (receive buffer size 8192 bytes)
10/30/2009 08:56:07 Initialized Radius socket address 10.148.129.32 port 1812 (receive buffer size 8192 bytes)
10/30/2009 08:56:08 Initialized peapauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\peapauth.aut
10/30/2009 08:56:08 Initialized ttlsauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\ttlsauth.aut
10/30/2009 08:56:08 Initialized winauth.dll referenced in C:\PROGRA~1\RSASEC~1\RSAAUT~1\radius\Service\winauth.aut
10/30/2009 08:56:09 Radius Accounting Server started ...
10/30/2009 08:56:10 SecurID authentication enabled
10/30/2009 08:56:10 insidetrack cookie not present.
10/30/2009 08:56:10 EAP-PEAP: Successfully registered EAP authentication module
10/30/2009 08:56:10 EAP-TTLS: Successfully registered EAP authentication module
10/30/2009 08:56:10 Initialization of Authentication method for Windows Domain User not supported
10/30/2009 08:56:10 Unable to register Windows Domain user authentication method
10/30/2009 08:56:10 Radius Authentication Server started ...
10/30/2009 08:56:10 Starting DCF system
10/30/2009 08:56:11 Error 0x6b5 returned from DsEnumerateDomainTrusts call
10/30/2009 08:56:13 Server Certificate SHA1 Fingerprint: 3D:C9:E7:82:A3:67:D2:A4:3A:8D:39:AE:1F:0F:E5:5D:DD:6C:0E:5C
10/30/2009 08:56:13 DCF system started
10/30/2009 08:56:13 RSA RADIUS -- Powered by Steel-Belted Radius is operational.

 

CauseThis is functioning as design since Authentication Manager 7.1 SP2: the RADIUS Server must first be configured via the Operations Console
ResolutionUse Operations Console ---> Deployment Configuration ---> RADIUS ---> Configure RADIUS Server
Legacy Article IDa48572

Attachments

    Outcomes