000025835 - RSA ClearTrust Agent does not failover to secondary auth server if primary is shutdown or disconnected from network

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025835
Applies ToRSA ClearTrust Agent 4.0 for Microsoft Internet Information Services (IIS) 5.0
Microsoft Windows 2000 Advanced Server SP3
Microsoft Internet Information Server (IIS) 5.0
IssueRSA ClearTrust Agent does not failover to secondary auth server if primary is shutdown or disconnected from network
If auth server is started via BAT file, failover works, if started as a service, failover does not work.
CauseIn the ClearTrust code there's a connect() call that is made to open the TCP/IP socket to the dispatcher. This connect() call has a hard-coded timeout of 180 seconds and a hard-coded retry value of 3. So, in the scenario above where the machine running the primary auth server is disconnected from the network or shutdown there would be approximately a 12 minute delay before the secondary auth server would start accepting auth requests.
ResolutionContact RSA Customer Support and request the ctRFE36649 enhancement/fix. Follow the instructions in the readme provided for proper installation.
Legacy Article IDa17647

Attachments

    Outcomes