000020266 - ClearTrust Authorization Server does not fail over to BDC when PDC unavailable

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000020266

Applies To:
RSA ClearTrust 4.7.1 Authorization Server (AServer)
Red Hat Linux 7.3
Defect CQ tst00034269

Issue:
ClearTrust Authorization Server does not fail over to BDC when PDC unavailable
Users unable to authenticate through ClearTrust; Web agent configured for NT authentication
ClearTrust Authorization Server log file shows "NT PDC Error" and debug log shows "NT_AUTH_PDC_ERROR"

Cause: Due to a bug in the product, the Authorization Server did not fail over to the second (backup) NT domain controller.

Resolution: This problem has been fixed in hot fix 4.7.1.50 for ClearTrust Servers. Please contact RSA Security Customer Support to request this fix, or request the latest fix level (which is cumulative and contains the fixes from previous fix levels). After the hot fix is applied, the Authorization Server is able to fail over to the next domain controller in the list.

Workaround: The ClearTrust Authorization Server configuration file, aserver.conf, lists two or more NT domain controllers in the following parameter:
        cleartrust.aserver.nt_domain_controllers=pdc-name,bdc-name
The first NT domain controller, for example 'pdc-name' listed above, has become unavailable.

Legacy Article ID: a15570
