000013561 - Moving RSA Authentication Manager 6.1 that uses RADIUS profiles to a new server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000013561
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition: 6.1
IssueThis article provides steps on moving RSA Authentication Manager 6.1 that uses RADIUS profiles to a new server
 
Resolution
  1. Install RSA Authentication Manager 6.1 on new hardware.
  2. Install RADIUS on the same server.  The RADIUS Server.msi is on the Authentication Manager install DVD.  Note:  Do not run the RADIUS Administration.msi.
  3. Ensure that the patch levels of Authentication Manager running on the old and new server are the same.
  4. On the old server,
    1. Stop the RSA Authentication Manager services via the RSA Control Panel (Start > Programs > RSA Security > RSA Authentication Manager Control Panel > Start & Stop RSA Auth Mgr Services > Stop All.
    2. Dump the database (Start > Programs > RSA Security > RSA Authentication Manager Database Tools > Dump). More information on how to dump the database can be found on page 59 the RSA Authentication Manager 6.1 Administrator Guide.
    3. Via the RSA Authentication Manager Control Panel, restart the Authentication Manager services and start the RADIUS service.  It is recommended that the option to start the RADIUS services with the Authentication Manager services is checked.
  5. On the new server,
    1. Stop the RSA Authentication Manager services via the RSA Control Panel (Start > Programs > RSA Security > RSA Authentication Manager Control Panel > Start & Stop RSA Auth Mgr Services > Stop All.
    2. Load the database (Start > Programs > RSA Security > RSA Authentication Manager Database Tools > Load) using the option to merge the database and that the license information is different. More information on how to dump the database can be found on page 61 the RSA Authentication Manager 6.1 Administrator Guide.
    3. Move the four dat files (acthdr.dat, failover.dat, RADADS.DAT and RADCLNT.DAT) from the older <radius_installed_dir\service> directory to the new server <radius_installed_dir\service>.  The default directory for RSA RADIUS will be C:\Program Files\RSA Security\RSA Radius\Service.
    4. Via the RSA Authentication Manager Control Panel, restart the Authentication Manager services and start the RADIUS service.  It is recommended that the option to start the RADIUS services with the Authentication Manager services is checked.
    5. Open Host Mode (Start > Programs > RSA Security > RSA Authentication Manager Host Mode).
    6. Select Agent Host > List Agent Host and click OK.  Ensure your new server entry should be there.
    7. Click on Agent Host > Edit Agent Host and select the new server name then click OK.  
    8. Uncheck the option for Node Secret Created and then click OK.
    9. Open a command prompt on the new server and go to C:\Program Files\RSA Security\RSA Radius\Service directory and run the following command, with PRIMARY written all in caps.  This command will generate the node secret for the newly created primary server.
RSAInstallTool -identity PRIMARY

 
Legacy Article IDa43584

Attachments

    Outcomes