000024666 - Problem with high availability of LDAP server in RSA Certificate Manager 6.6

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024666
Applies ToRSA Certificate Manager 6.6
Microsoft Windows Server 2003
iPlanet Directory Server
Lightweight Directory Access Protocol (LDAP)
Microsoft Network Load Balancer
IssueProblem with high availability of LDAP server in RSA Certificate Manager 6.6
RSA Certificate Manager is set up to use an external LDAP database as per the high availability document. There are 2 servers set up with iPlanet Directory Servers 5.2 to replicate their information. Microsoft Network Load Balancer is set up to give an single IP address for the CM to use. When one of the Directory Servers is taken off the network, the Certificate Manager doesn't respond for approximately 10 minutes (or is restarted).
CauseRSA Certificate Manager doesn't check the connection to the LDAP server before using it; the default timeout for the connection by Certificate Manager is 10 minutes
ResolutionTo correct this issue, install build 300 of RSA Certificate Manager 6.6. This has new functionality that checks the connection before trying to use it. If this test fails, then a new connection is made. Contact RSA Security Customer Support to obtain this build.
Legacy Article IDa28579

Attachments

    Outcomes