000029340 - Promotion of a RSA Authentication Manager 8.1 replica fails

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support on Feb 1, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000029340
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 patch 5

 
IssuePromotion of a replica fails in RSA Authentication Manager 8.1 in the pre-check stage.
The following errors are in the Planned-Promotion-Precheck-<datestamp>.log:
 

ERROR: The Operations Console on the primary instance is not reachable to check replication status or reachability with other replica instances. 

ERROR: Could not access HTTP invoker remote service at [https://myprimary_server_host_name. domain_name.com:7072/operations-console/dispatcher/HttpInvokerPlannedPromotion]; nested exception is org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 20000 ms


The following errors are in am/server/logs/ops-console.log: 

@@@2014-10-02 14:36:21,948 ERROR [PlannedPromoteReplicaPrereqCheck] GUILog.traceException(587) | exception: 
com.rsa.ims.operationsconsole.admin.taskmgr.TaskExecutionException: Error in checking primary instance healthy status: 
   at com.rsa.ims.operationsconsole.admin.promote.planned.tasks.CheckOriginalPrimaryHealthyTask.execute(CheckOriginalPrimaryHealthyTask.java:160) 
   at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42) 
   at com.rsa.ims.operationsconsole.admin.impl.OCManageReplicationImpl$1PlannedPromotePrereqCheckSiteThread.run(OCManageReplicationImpl.java:1101) 
   at java.lang.Thread.run(Thread.java:680) 
Caused by: org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [https://ma05ace02.rc4ss.com:7072/operations-console/dispatcher/HttpInvokerPlannedPromotion]; nested exception is org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 20000 ms 
at org
CauseThe file Planned-Promotion-Precheck-<datestamp>.log clearly indicates that port 7072 is not open between the replica and primary server. 
 
ERROR: The Operations Console on the primary instance is not reachable to check replication status or reachability with other replica instances. 


Promotion activity on a replica, tries to connect to the primary's Operations Console and checks the following: 
  1. To verify replication status and reachability.
  2. To make sure that there are nobackups scheduled at the time of promotion. 
  3. To make sure that there are no conflicting operations currently in progress.
Resolution
Open port 7072 in addition to other ports described on page 96 of RSA Authentication Manager 8.1 SP1 Setup and Configuration Guide.
 


Firewall Ports between RSA Authentication Manager 8.1 Primary and Replica

Attachments

    Outcomes