000022224 - RSA ACE/Server & RSA Authentication Manager database not replicating

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000022224
Applies ToRSA Authentication Manager 6.0
Microsoft Windows Server 2003
Hostname of RSA ACE/Server contains upper-case characters
IssueRSA ACE/Server & RSA Authentication Manager database not replicating
In Replica Manager, the initial "Primary communication has occurred" is displayed as NO
Replica fails to contact the Primary after initial installation
CauseAlthough case sensitivity has been largely improved since RSA ACE/Server 5.2, replication can still suffer where hostnames (both on the actual server and in the replica table) contain upper-case letters. It appears the ACE/Server is unable to match the resolved hostname, as the operating system always returns a lower-case hostname when a lookup is performed.
ResolutionTo correct this issue, modify the replica table first (if required), changing all hostnames to lower-case. Modify the hostname of the primary/replica to lower-case name. See the note below, as it may be necessary to change the name twice. Additionally, ensure the securidprop services are correctly defined. For more information, see the solution regarding Correct and annotated example of RSAACE/Serverservices file. Also, for replication via firewall, see the solution regarding Which firewall ports need to be open for RSA SecurID 5.2-6.1 to work properly?

If ipconfig /all shows mixed case hostname then this must be changed to all lower-case, note that windows does not care about case and so will not allow the user to change from eg "Server01" to "server01" and the OS sees these as being the same. To change to lower-case, you must change the hostname to something else first then back to the lowercase name.

To Troubleshoot, compare output from the following:

From the Primary:

* open a command prompt and run: ipconfig /all > prim_ip.txt
* open a command prompt and go to the ace\prog directory and run: sdrepmgmt list > replist.txt
* ping -a <ipaddress> > lookup_p.txt

From the Replica:

* open a command prompt and run: ipconfig /all > rep_ip.txt
* ping -a <ipaddress> > lookup_r.txt

NOTE: ping -a will use a local ..\etc\hosts file first before looking up DNS which is also the behavior of the ACE/Server when performing a lookup. If you know that there is no hosts file, just DNS then Nslookup can be used instead.

RSA ACE/Server and Authentication Manager Installation Guide states the following:

Important: The name of each Server machine must be a fully-qualified computer on the network, and the name must be all lowercase.

For more information, see RSA Authentication Manager 6.0 for Windows Installation Guide under the section titled Adding and Installing a new Replica
Legacy Article IDa27522