|Applies To||RSA ClearTrust 4.7.1 Authorization Server (AServer)|
Red Hat Linux 7.3
Defect CQ tst00034269
|Issue||ClearTrust Authorization Server does not fail over to BDC when PDC unavailable|
Users unable to authenticate through ClearTrust; Web agent configured for NT authentication
ClearTrust Authorization Server log file shows "NT PDC Error" and debug log shows "NT_AUTH_PDC_ERROR"
|Cause||Due to a bug in the product, the Authorization Server did not fail over to the second (backup) NT domain controller|
|Resolution||This problem has been fixed in a hot fix 220.127.116.11 for ClearTrust Servers. Please contact RSA Security Customer Support to request this fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). After applying the hot fix, the Authorization Server is able to fail over to the next domain controller in the list.|
|Workaround||ClearTrust Authorization Server configuration file - aserver.conf - lists two or more NT Domain Controllers against the following parameter:|
The first NT Domain Controller, for example 'pdc-name' listed above, has become unavailable.
|Legacy Article ID||a15570|