000033409 - How to attach an RSA Authentication Manager 8.1 replica server when Quick Setup fails with error message "Failed to Attach Replica Instance"

Document created by RSA Customer Support Employee on Jul 26, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000033409
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
IssueThe Quick Setup process fails with the following error message:
 
Failed to Attach Replica Instance
 

Error: Failed to attach replica instance
CauseThis error will display for the following reasons:
  • The replica is unable to connect to the primary RSA Authentication Manager 8.1 server within specified period of time.
  • There are network issues between the primary and replica RSA Authentication Manager 8.1 servers.
ResolutionTo resolve the issue, complete the following tasks:
  • Add an entry to /etc/hosts on the primary to define the replica.
  • Add information about the primary to /etc/hosts on the replica.
  • Extend the synchronization interval between the primary and replica Authentication Manager servers.
  • Generate a new replica package from the RSA Authentication Manager 8.1 primary server.

Add an entry for the replica to the primary's /etc/hosts


  1. On the Authentication Manager primary server,
    1. Login to the RSA Authentication Manager 8.1 primary server's Operations Console.
    2. Navigate to Administration > Network > Hosts File.
    3. Click Add New.  
    4. Add the replica server's IP address and Fully Qualified Domain Name (FQDN).
    5. Click Save when done.

 


Hosts File Entry


Add information about the primary to /etc/hosts on the replica


  1. On the Authentication Manager replica server,
    1. Since the replica is not attached to the primary, SSH access to the replica needs to be enabled via command line.  Review the following articles to complete this task:
  1. Using the rsaadmin account, login to the RSA Authentication Manager 8.1 replica via SSH, vSphere or the Hypervisor client.
  2. Change to the root user by running the command sudo su - root and providing the rsaadmin password.
  3. Navigate to /etc.
  4. Make a backup of the current hosts file.
  5. Using a text editor, such as vi, edit /etc/hosts.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Thu Jul 21 10:13:49 2016 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> sudo su - root
rsaadmin's password:  <enter OS user password>
am81r:~ # cd /etc
am81r:/etc # cp hosts hosts.bak
am81r:/etc # vi host

  1. Enter insert mode  by typing i.
  2. Add the primary server's IP address and FQDN to the file, as shown below.  Note that entries must be the IP address followed by a space or tab, then FQDN.  Optionally, the short name can be added after the FQDN.
#
# hosts This file describes a number of hostname-to-address
#       mappings for the TCP/IP subsystem. It is mostly
#       used at boot time, when no name servers are running.
#       On small systems, this file can be used instead of a
#       "named" name server.
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
# BEGIN local address
192.168.2.31 am81p.vcloud.local am81p
# END local address

  1. Exit insert mode by hitting ESC.
  2. To save the changes and exit, 
:wq!

  1. To quit the editor without saving, 
:q!

  1. For the changes of /etc/hosts to take effect, reboot the primary and replica Authentication Manager servers.  When both servers are back online, continue with the steps below.

Increase the synchronization interval between the primary and replica Authentication Manager servers


  • The default replication heartbeat between the primary server and replicas in the deployment is 30 seconds.
  • Increasing the synchronization interval would provide more time for the RSA Authentication Manager 8.1 primary server to communicate to the replica server and vice versa.
  • Increasing the synchronization interval to 120 seconds would allow more time for data to sync between servers.
  1. On the Authentication Manager primary server,

 


  1. Using the rsaadmin account, login to the Authentication Manager 8.1 primary via SSH, the vSphere client or direct connection.
  2. Navigate to /opt/rsa/am/utils.
  3. To increase the heartbeat interval to 60 seconds, run this command:

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Tue Aug  9 10:58:55 2016 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/utils
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager synchronization.replica_sync.heartbeat_interval.seconds 60 GLOBAL 501
Please enter OC Administrator username: ocadmin
Please enter OC Administrator password: *********
rsaadmin@am81p:/opt/rsa/am/utils>


  1. To increase the heartbeat interval to 120 seconds, run this command: 
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager synchronization.replica_sync.heartbeat_interval.seconds 120 GLOBAL 501
Please enter OC Administrator username: ocadmin
Please enter OC Administrator password: *********
rsaadmin@am81p:/opt/rsa/am/utils>

Generate a new replica package from the RSA Authentication Manager 8.1 primary server


  1. From the primary's Operations Console, click Deployment Configuration > Instances > Generate Replica Package.
  2. Click Download to download the replica package.
  3. Click Save to save the replica_package.zip to your local machine.
  4. Click Done.
  5. Use the newly-generated replica package to complete the Quick Setup process on the replica.  The attachment will now be successful.

Attachments

    Outcomes