RSA Authentication Manager 8.x RADIUS unreachable or initiating data transfer after changing IP address of the replica server
3 years ago
Originally Published: 2015-02-18
Article Number
000050804
Applies To
RSA Product Set: SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition: 8.x
 
Issue
After successfully changing the IP address of the replica server on Authentication Manager, the RADIUS replication is broken. The replica RADIUS server is "unreachable" or "Initiating data transfer". Clicking "Initiate Replication" changes the status to "Initiating data transfer" for a long time.  After refreshing the page. the status again becomes "unreachable."
Cause
After changing IP address of the replica server, the replica.ccmpkg does not recognize the new IP address and retains the old one.

Navigate to the /opt/rsa/am/radius directory and open replica.ccmpkg file, you will find the IP_ADDRESS value is the old IP address rather than the new one.  A sample is below:
  
<ccmChunk length = "117" type = "text/xml"/>
<documents><document name = 'managed' type = 'monolith'><source base = 'documents'></source></document></documents>
<ccmChunk length = "244" type = "text/xml"/>
<managed>
<ccm address = '<old_IP_address' encryptedSecret = '{fsw} 1,eee7eb5fec97b8b34dfc3c6cefe99b96527d4086eb4acd4957ce74d11d49d2cfb1f81351d54e63ab27f1e756bd8460d9' 
id = 'am81p.vcloud.local' port = '1812' url = '/ccm-update'>
</ccm>
</managed>

If you run the sbrsetuptool script on the primary then on the replica, the issue will be solved for some time, but after restarting the services or rebooting, the replica.ccmpkg will hold the old IP address.
Resolution
To resolve the issue, run the sbrsetuptool on the primary Authentication Manager server:
  1. Login to the Authentication Manager primary server via SSH, vSphere or direct connection.
  2. Navigate to /opt/rsa/am/server.
  3. Stop the RADIUS service with the command ./rsaserv stop radius.
  4. Navigate to /opt/rsa/am/utils.
  5. Obtain the RADIUS secret with the command ./rsautil manage-secrets -a listall.  Look for the value of the com.rsa.radius.replication.secret.
  6. Navigate to /opt/rsa/am/radius.
  7. Run the command ./sbrsetuptool -identity PRIMARY -secret <value of the com.rsa.radius.replication.secret>
  8. Navigate to /opt/rsa/am/server.
  9. Start the RADIUS service with the command ./rsaserv start radius.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Wed Oct  7 16:30:21 2015 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/server
rsaadmin@am81p:~> ./rsaserv stop radius
Stopping RSA RADIUS Server: **
RSA RADIUS Server                                          [SHUTDOWN]
rsaadmin@am81p:/opt/rsa/am/server> cd ../utils
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a listall
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.radius.replication.secret .....................: rhVmupDx0J
saadmin@am81p:/opt/rsa/am/utils> cd ../radius
rsaadmin@am81p:/opt/rsa/am/radius> ./sbrsetuptool -identity PRIMARY -secret rhVmupDx0J
rsaadmin@am81p:/opt/rsa/am/radius> cd ../server
rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv start radius
Starting RSA Administration Server with Operations Console:  
RSA Database Server                                        [RUNNING]
Starting RSA Database Server:
RSA Administration Server with Operations Console          [RUNNING]
Starting RSA RADIUS Server Operations Console:
RSA RADIUS Server Operations Console                       [RUNNING]
Starting RSA Runtime Server: *
RSA Runtime Server                                         [RUNNING]
Starting RSA RADIUS Server: *
RSA RADIUS Server                                          [RUNNING]
rsaadmin@am81p:/opt/rsa/am/server>

Next reconfigure RADIUS on the replica server(s).
  1. Login to the Authentication Manager replica server via SSH, vSphere or direct connection.
  2. Navigate to /opt/rsa/am/server.
  3. Stop the RADIUS service with the command ./rsaserv stop radius.
  4. Navigate to /opt/rsa/am/config.
  5. Run the command ./config.sh RadiusOCConfig.configure.  
  6. Navigate to /opt/rsa/am/server.
  7. Start the RADIUS service with the command ./rsaserv start radius.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Wed Oct  7 17:25:01 2015 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81r:~> cd /opt/rsa/am/server
rsaadmin@am81r:~> ./rsaserv stop radius
Stopping RSA RADIUS Server: **
RSA RADIUS Server                                          [SHUTDOWN]
rsaadmin@am81r:/opt/rsa/am/server> cd ../config
rsaadmin@am81r:/opt/rsa/am/config> ./config.sh RadiusOCConfig.configure
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
saadmin@am81r:/opt/rsa/am/config> cd ../server
rsaadmin@am81r:/opt/rsa/am/server> ./rsaserv start radius
Starting RSA Administration Server with Operations Console:  
RSA Database Server                                        [RUNNING]
Starting RSA Database Server:
RSA Administration Server with Operations Console          [RUNNING]
Starting RSA RADIUS Server Operations Console:
RSA RADIUS Server Operations Console                       [RUNNING]
Starting RSA Runtime Server: *
RSA Runtime Server                                         [RUNNING]
Starting RSA RADIUS Server: *
RSA RADIUS Server                                          [RUNNING]
rsaadmin@am81r:/opt/rsa/am/server>

 Now launch the Security Console from the primary server.  Choose RADIUS > RADIUS Server and click Initiate Replication.  When done, the replication status should show as Synchronized.

Related Articles

Trending Articles

Don't see what you're looking for?