You can view status and monitoring information for the identity routers in your deployment using the Cloud Administration Console. Use this information to help troubleshoot configuration and authentication issues.
When status changes occur, additional diagnostic information is provided in the System Event Monitor (Platform > System Event Monitor) and identity router audit logs. See System Event Monitor Messages for the Cloud Authentication Service and Identity Router Audit Log Messages .
- Sign into the Cloud Administration Console.
Click Platform > Identity Routers.
The console displays the following basic status information for each identity router in your deployment:
Current status of the identity router
The following table describes the identity router status indicators:
Identity Router Status Description ACTIVE The identity router is connected to the Cloud Authentication Service and operating normally. INACTIVE The identity router is not connected to the Cloud Authentication Service. DEBUG The identity router is connected to the Cloud Authentication Service and debug-level logging is enabled. DISTRESSED There is a problem with the identity router. Contact RSA Customer Support for troubleshooting assistance. OUT_OF_DATE The identity router is not using the latest software version. See Update Identity Router Software for a Cluster to install the latest software.
- To display advanced status information for a specific identity router, click the arrow next to the identity router name.
Name of the cluster to which the identity router belongs
Date and time of the last status check between the Cloud Authentication Service and the identity router
Date and time of the last authentication service check
Hostname of the identity router
Eth0 IP address
This is the management interface IP address for VMware/Hyper-V identity routers, and the IP address of the only network interface for Amazon Web Services identity routers.
Eth1 IP address
This is the portal interface IP address for VMware/Hyper-V identity routers, and is not available for Amazon Web Services identity routers.
Identity router software version number
Date and status of the last identity router software update
Date and status of the last identity router adapter update
Status of RADIUS and SSO Agent services on the identity router
Service Status Description RUNNING The service is enabled and operating normally. STOPPED The service is enabled but is not working. To troubleshoot, run a simple test to confirm that the service is stopped, view the identity router system log for errors, or restart the identity router to try to restart the service. DISABLED The service is not enabled.
The last reported status is displayed for the following items. Status indicators are green for healthy, yellow for partially healthy, or red for unhealthy. Yellow status for DNS and and AD/LDAP connections indicates that some configured servers are healthy while others are not. Click the arrow next to a status indicator to view IP addresses or domain names for configured servers.
AD/LDAP. If no identity sources are configured, click the icon, then click Not Configured to open a new tab and configure an identity source. Every two minutes, the identity router checks connectivity to the identity source servers by connecting to each server and attempting to look up a random user.
DNS servers. Updated every minute. Displays a configuration icon if DNS is not configured. Configure DNS from the Identity Router Setup Console.
NTP server. Updated every minute. Displays a configuration icon if NTP is not configured. Configure NTP from the Identity Router Setup Console.
Authentication Manager server. Updated every two minutes. If Authentication Manager is not configured, click the icon, then click Not Configured to open a new tab and configure an Authentication Manager connection.
Heartbeat service. Sends identity router information to the Cloud Authentication Service every 15 seconds. If the identity router stops responding, check the date and time of the last heartbeat to help determine when the connection was lost.
Cloud time synchronization. Indicates whether identity router time is within 60 seconds of the time reported by the Cloud Authentication Service as required for successful authentication.
Software update service. Updated every 5 minutes. Required for the identity router to perform software updates.
Adapter update service. Updated every 5 minutes. Required for the identity router to perform updates.