000025409 - How to administer RSA ACE/Server & RSA Authentication Manager passing through a firewall

Article Number: 000025409
Applies To: RSA Authentication Manager; RSA ACE/Server; Microsoft Windows; UNIX (AIX, HP-UX, Solaris); Remote Administration

Issue: How to administer RSA ACE/Server & RSA Authentication Manager passing through a firewall
Cannot connect RSA ACE/Server & RSA Authentication Manager through the firewall to perform Remote Administration
Unable to connect to log database. Please be sure that the database broker is running on host ... and that the service SDLOG is properly defined in your local SERVICES file.
Resolution: The default number of concurrent remote administration sessions supported is 32. Be sure to close the Database Administration session after completing your work.

Remote administration uses TCP, and each remote administration session running against your RSA ACE/Server opens two ports. You can limit the number of ports that can be open at the same time (and thereby the number of remote administration sessions that can run at the same time) by specifying a range of port numbers that may be used for remote administration connections. This is also what lets you open a fixed, known range in the firewall instead of an unbounded set of dynamic ports.

To specify a range of port numbers:

1. Stop the Master RSA ACE/Server and database brokers. On a UNIX machine, type the following lines at the command line:

   aceserver stop
   sdconnect stop

On a Windows NT machine, use the Control Panel applet.

2. In the ace\rdbms32 directory (Windows NT) or ace/rdbms directory (UNIX), make a backup copy of the startup.pf file. Name it startup.old.

3. Open the startup.pf file in a text editor, and add the following lines to the end of the file:

   -minport minimum port number
   -maxport maximum port number

The port specified as the minimum port number is never itself used for a connection. The first port used is always one greater than the specified minimum, so the range you specify must always include one more port than needed. If there are 10 remote connections, 20 ports are needed and a range of 21 ports must be specified. For example, to use ports 3001 through 3020, add the following lines to the file:

   -minport 3000
   -maxport 3020

NOTE: Make sure the range of port numbers specified does not include port numbers used by other services (for example, entries in the services file on the RSA ACE/Server host).

For Windows NT users:

- Windows NT requires that the minimum port number be no less than 3000

- If the Progress Development Toolkit is used, the system may be using a startup.pf other than the one that shipped with RSA ACE/Server 4.1. In this case, RSA Security recommends that you edit both startup.pf files according to this procedure.

4. Restart the database brokers and the RSA ACE/Server (the reverse of step 1).

5. In your firewall, open the ports defined in the startup.pf file in addition to the 55xx ports listed in the services file on your RSA ACE/Server (for example, the SDLOG entry named in the error message above).
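The range arithmetic and the collision check above are easy to get wrong by hand (forgetting the unused minimum port leaves you one session short; overlapping an existing service produces confusing failures). The following shell script is an added example, not part of the RSA article or RSA's own tooling: it sizes the range for a given number of sessions, checks a services file for TCP entries inside that range, and only then backs up startup.pf as startup.old and appends the -minport/-maxport lines. The file paths, the services excerpt and the startup.pf stand-in are constructed for the demo; the 55xx port numbers shown are placeholders, not a statement of RSA's real assignments.

```shell
#!/bin/sh
# Added example (not from the RSA article): size and sanity-check the
# remote-administration port range before writing -minport/-maxport into
# startup.pf. All file contents below are constructed demo data.

# Upper bound for N concurrent remote-administration sessions.
# Each session uses two TCP ports and the minimum port itself is never
# handed out, so the range must hold 2*N + 1 ports: maxport = minport + 2*N.
max_port_for() {
    printf '%d\n' $(( $1 + 2 * $2 ))
}

# Inverse check: how many sessions an existing [minport, maxport] supports.
sessions_in_range() {
    printf '%d\n' $(( ($2 - $1) / 2 ))
}

# Windows NT floor from the article: the minimum port must be >= 3000.
nt_minport_ok() {
    [ "$1" -ge 3000 ]
}

# Print "name port/tcp" for every TCP entry of a services file that falls
# inside [minport, maxport]; prints nothing when the range is free.
tcp_services_in_range() {
    awk -v lo="$2" -v hi="$3" '
        /^[[:space:]]*#/ || NF < 2 { next }
        {
            n = split($2, pp, "/")
            if (n == 2 && pp[2] == "tcp" && pp[1] + 0 >= lo && pp[1] + 0 <= hi)
                print $1, $2
        }' "$1"
}

# Validate the range, back up startup.pf as startup.old in the same
# directory (article step 2) and append the two lines (article step 3).
# Returns 1 and leaves the file untouched if the range is bad or collides.
set_port_range() {
    pf=$1; services=$2; minport=$3; maxport=$4
    if [ "$maxport" -le "$minport" ]; then
        echo "maxport must exceed minport" >&2; return 1
    fi
    if [ -n "$(tcp_services_in_range "$services" "$minport" "$maxport")" ]; then
        echo "range $minport-$maxport overlaps a service in $services" >&2; return 1
    fi
    cp "$pf" "$(dirname "$pf")/startup.old" || return 1
    printf '%s %d\n%s %d\n' -minport "$minport" -maxport "$maxport" >> "$pf"
}

# --- Constructed demo data (not real RSA files; ports are placeholders) ---
DEMO=$(mktemp -d)
cat > "$DEMO/services" <<'EOF'
# constructed services excerpt; RSA entries placed in the 55xx range
securid      5500/udp
securidprop  5510/tcp
sdlog        5520/tcp
myapp        3015/tcp
EOF
printf '%s\n' '# constructed startup.pf stand-in' > "$DEMO/startup.pf"

# 10 sessions starting at the Windows NT floor: 3000 gives 3001..3020.
MINPORT=3000
MAXPORT=$(max_port_for "$MINPORT" 10)
nt_minport_ok "$MINPORT" || echo "minport $MINPORT below the Windows NT floor" >&2

# The constructed 'myapp 3015/tcp' sits inside 3000-3020, so this is refused
# and startup.pf is left as it was.
set_port_range "$DEMO/startup.pf" "$DEMO/services" "$MINPORT" "$MAXPORT" \
    && echo "unexpected success" || echo "refused: $MINPORT-$MAXPORT collides"

# Move the range past the conflict and retry: 3100 gives 3101..3120.
MINPORT=3100
MAXPORT=$(max_port_for "$MINPORT" 10)
set_port_range "$DEMO/startup.pf" "$DEMO/services" "$MINPORT" "$MAXPORT" \
    && echo "wrote to $DEMO/startup.pf:" && tail -n 2 "$DEMO/startup.pf"
```

Run it on a real host with the real paths (ace/rdbms/startup.pf on UNIX, ace\rdbms32\startup.pf on Windows NT, and that host's services file) only after stopping the server and brokers as in step 1; the range it writes is the same range you then open in the firewall in step 5.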

