Identity Router Update Fails without being Distressed
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: all
Issue
The Network Diagnostics page on the management console of the Identity Router shows a network connection issue to the repo URL.
Cause
To check the Network Diagnostics page, open a browser and go to https://<IDR Management Portal IP>/login.jsp >> Diagnostics >> View Network Diagnostics
To check whether the repo URL is resolvable by the DNS server or not, SSH into the IDR and execute the below command:
wget --no-check-certificate -S https://public-apprepo-pwcampbell.access.securid.comfrom the output seen below, the repo URL is not resolvable, hence the error in the Diagnostics page:
Resolving public-apprepo-pwcampbell.access.securid.com (public-apprepo-pwcampbell.access.securid.com)... failed: Name or service not known. wget: unable to resolve host address ‘public-apprepo-pwcampbell.access.securid.com’
Resolution
- Open a browser and go to https://<IDR Management Portal IP>/login.jsp
- Click on 'Network Settings' at the top of the page.
- Under 'DNS Configuration', change the IP address of the DNS server to one that can resolve the repo URL, such as Google's DNS public server 8.8.8.8 for example. (This DNS server could be an internal server or a public server, but it needs to be able to resolve the repo URL)
- Click on 'Update IDR Setup Configuration'
- Update the Identity Router from the Cloud Admin Console.
wget --no-check-certificate -S https://public-apprepo-pwcampbell.access.securid.com/from the output seen below, the repo URL is resolvable:
Resolving public-apprepo-pwcampbell.access.securid.com (public-apprepo-pwcampbell.access.securid.com)... 52.188.41.46 Connecting to public-apprepo-pwcampbell.access.securid.com (public-apprepo-pwcampbell.access.securid.com)|52.188.41.46|:443... connected.
