000022153 - RSA ClearTrust Agent 3.5 for Apache cannot reconnect to ClearTrust Server if TCP connection times out on a firewall between ClearTrust Agent and Server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022153
Applies ToRSA ClearTrust Agent 3.5 for Apache
Sun Solaris
Apache 1.3.x
Apache 2.0
IssueRSA ClearTrust Agent 3.5 for Apache cannot reconnect to ClearTrust Server if TCP connection times out on a firewall between ClearTrust Agent and Server
Error: "Internal Server Error" when accessing web page protected by RSA ClearTrust Agent 3.5 for Apache running on Sun Solaris
Error: "ct_extpool_call_auth_server: return CT_UNREACHABLE_HOST_ERROR" appears in RSA ClearTrust Agent logfile
Error: "ct_int_is_path_protected: set status CT_SERVER_TIMED_OUT" appears in RSA ClearTrust Agent logfile
CausePacket filter or firewall closing idle connections between RSA ClearTrust Agent and Server
ResolutionIf a firewall is filtering communication between an RSA ClearTrust Agent and Server, it's possible the TCP connection times out (on the firewall) and no subsequent packets are allowed.

This issue has been resolved in a hot fix for RSA ClearTrust Agent 3.5 for Apache. Contact RSA Security Customer Support to obtain hot fix 3.5.0.38, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).

NOTE: T
o use this hot fix, you must know the timeout time for TCP connections on your firewall. Read the Readme file that comes with the hot fix carefully, as it contains important configuration information.
Legacy Article IDa27313

Attachments

    Outcomes