RSA Authentication Manager Services Fail to Start Due to 'no pg_hba.conf entry for host' Error
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
Issue
- Several Authentication Manager services are encountering startup failures, as indicated by the errors logged in the postgres logs located at /opt/rsa/am/rsapgdata/log:
rsa_dba 65cabf13.139b 5/958 0 FATAL: no pg_hba.conf entry for host "192.168.6.10", user "rsa_dba", database "db", SSL encryption
- Additionally, the errors logged in the /opt/rsa/am/server/logs/radiusoc.log are as follows:
####<Feb 11, 2024 7:17:11,458 PM CET> <Error> <Deployer> <rsa-replica> <radiusoc> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <338f01b3-dcd8-4bf0-8100-1d9039ccb5b6-00000008> <1707675431458> <[severity-value: 8] [rid: 0] > <BEA-149231> <Unable to set the activation state to true for the application "am-radius-app". weblogic.application.ModuleException: org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "192.168.6.10", user "rsa_user", database "db", SSL encryption
- When starting all the AM services at once (with dependencies) using the below command:
/opt/rsa/am/server/rsaserv start allResult:
- Running services:
Database, Administration with OC, Runtime
- Shutdown services:
RADIUS with OC, RADIUS, Console, Replication
Cause
- /opt/rsa/am/rsapgdata/pg_hba.conf
- /opt/rsa/am/rsapgdata/postgresql.conf
Resolution
1. Stop all the services on the non-working server:
/opt/rsa/am/server/rsaserv stop all
2. Use an SSH client (e.g. WinSCP) to connect to the working server.
3. Copy the /opt/rsa/am/rsapgdata/pg_hba.conf to a Windows machine.
4. Use an SSH client (e.g. Putty) to connect to the non-working AM server's CLI.
5. Using WinSCP, copy the pg_hba.conf file (from step #3) from your Windows machine to the /tmp directory on the non-working AM server.
6. Change directories:
cd /opt/rsa/am/rsapgdata/
7. Rename the old pg_hba.conf file to pg_hba.conf.bak:
mv pg_hba.conf pg_hba.conf.bak
8. Copy the pg_hba.conf from the /tmp directory to /opt/rsa/am/rsapgdata/:
mv /tmp/pg_hba.conf /opt/rsa/am/rsapgdata/
9. Start the AM services:
/opt/rsa/am/server/rsaserv start all
Related Articles
RCM unattended startup using the startup.conf file is not working properly Number of Views Listing multiple Domain Controllers in ipmap_conf.txt Number of Views Where do I find get the sftpagent.conf file from? Number of Views How to dynamically apply webagent.conf changes to your Apache Web server without stopping and restarting the server Number of Views How to restore the Server Nodes configuration in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
