Authentication Manager agent / server contact list and the sdconf.rec file
Article Number
Applies To
Issue
Or
so that all currently available AM Servers; primary and replicas, are available for authentication
Tasks
2. Configure Agent Attributes to use this Server Contact list
3. Optionally 'automatically' update the default Server Contact list
4. Optionally Verify if your sdconf.rec file has all of your servers
Resolution
In the Security Console - Access - Authentication Agents - AM Contact List - Add New
Select the specific AM servers you want in this list, then Save.
2. Configure Agent Attributes to use this Server Contact list
In the Security Console, you can edit your Agent to only use this new Server Contact list
This agent will send authentication requests to the AM server in its Server Contact list
3. Optionally 'automatically' update the default Server Contact list
Often it makes more sense to let all or most agents to find and use any and all AM servers, even after new servers have been added and older servers decommissioned and removed. Use the Automatic Rebalance option in the Security Console - Access - Authentication Agents - AM Contact List - Automaitc Rebalance
4. Optionally Verify if your sdconf.rec file has all of your servers, use NotePAd++ to edit / view your sdconf.rec file
Notes
We did see a unique situation / problem that highlights how sdconf.rec works. A customer had a single primary, so the sdconf.rec and the Server contact list had one entry, with one name and one IP address. This customer had authentication working, but then changed the Primary IP address in the Operations Console. After this change, the agents no longer could find the primary, since its IP address no longer matched what the agent knew from its sdconf.rec file, and no replica could tell this agent about the change. The primary was a single point of failure.
