000023000 - Failing to import sdconf.rec on Juniper VPN Device when using RSA ACE/Server and Authentication Manager

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000023000
Applies ToJuniper Networks Secure Access
RSA ACE/Server
IssueFailing to import sdconf.rec on Juniper VPN Device when using RSA ACE/Server and Authentication Manager
RSA ACE/Server and Authentication Manager not responding to Juniper Networks Secure Access
Error: "Server Unreachable"
CauseWhen importing the sdconf.rec into the Juniper device, Juniper sends a "time request" packet to the primary ACE/Server. This is nothing more than a "Hello" packet to port 5500 to the primary...testing the connectivity between the primary and the Juniper device. This exchange must work for the file to be successfully imported.

Possible causes are that the primary is not online at the moment, or a firewall is blocking this traffic.
ResolutionTo correct this issue, navigate to Start Menu > Control Panel > Administrative Tools > Services. Make sure the RSA ACE/Server or RSA Authentication Manager Authentication Engine is started. You can also perform a netstat -an | find "5500" to verify that the port is listening/idle.

If you find that the Authentication Engine is up, make sure there isn't a Which firewall ports need to be open for RSA SecurID 5.2-6.1 to work properly? that may be blocking the traffic.

For further information on the integration of Juniper devices with Two-Factor Authentication, see our Implementation Guides
Legacy Article IDa29172

Attachments

    Outcomes