RSA RADIUS server fails to start on an RSA Authentication Manager 8.x Instance
Originally Published: 2020-07-17
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Platform: Linux
O/S Version: SUSE Enterprise Linux
Issue
An administrator has noticed the RSA RADIUS server is in a [SHUTDOWN] state when checking the status of the Authentication Manager services with the command: /opt/rsa/am/server/rsaserv status all
Example:
rsaadmin@am84p:~> /opt/rsa/am/server/rsaserv status all RSA Database Server [RUNNING] RSA Administration Server with Operations Console [RUNNING] RSA RADIUS Server Operations Console [RUNNING] RSA Runtime Server [RUNNING] RSA RADIUS Server [SHUTDOWN] RSA Console Server [RUNNING] RSA Replication (Primary) [RUNNING] rsaadmin@am84p:~>
A review of the RSA RADIUS log file (that is yyyymmdd.log | 20200717.log) in the /opt/rsa/am/radius folder reports the following message on startup:
... ... ... 07/16/2020 13:05:23 Radius Authentication Server started ... 07/16/2020 13:05:23 ../radacctd.c radAcctMasterThread 280 Entering 07/16/2020 13:05:23 Starting DCF system 07/16/2020 13:05:23 DCF system failed to start (hr = -2147467259 from dcfWaitStarted) 07/16/2020 13:05:23 failed to start Radius Server ... 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (2) from: dcfInitThreadContext.cpp:60 07/16/2020 13:05:23 system.log: message: aborting start up process due to exception 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (3) from: dcfInitThread.cpp:241 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 Initialization failure, server shutting down 07/16/2020 13:05:23 Shutting down Radius Authentication Server ... 07/16/2020 13:05:23 Uninitializing authentication libraries 07/16/2020 13:05:23 Destroyed instance of SecurID authentication library 07/16/2020 13:05:23 Uninitializing Radius network comm 07/16/2020 13:05:23 ../radauthd.c radAuthMain() 264 Exiting 07/16/2020 13:05:24 ../radacctd.c radAcctMasterThread 513 Exiting 07/16/2020 13:05:24 Shutting down Radius Accounting Server ... 07/16/2020 13:05:24 Uninitializing Radius Accounting comm 07/16/2020 13:05:24 ../radacctd.c radAcctMain() 222 Exiting 07/16/2020 13:05:24 Server shut down after failure
Cause
Resolution
An administrator will need to restore the missing file called sbr_administration.xml.
Where there is another Authentication Manager instance in the Authentication Manager deployment with a running RSA RADIUS Server then an administrator could use the following steps:
- Logon to the command line using the operating system account, e.g., rsaadmin
- To copy the sbr_administration.xml file from another Authentication Manager instance use this command: scp rsaadmin@{AM_instance_FQDN}:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius
** substitute {AM_instance_FQDN} with the fully qualified hostname (or IP address) of the other Authentication Manager instance
Example:
Example:
rsaadmin@am84p:~> scp rsaadmin@am84r.csau.ap.rsa.net:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius The authenticity of host 'am84r.csau.ap.rsa.net (192.168.31.38)' can't be established. ECDSA key fingerprint is SHA256:XVnMbmVf2NwWY1HIp7M88nIETHoXlm6qcwyQJzVJ2Og. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'am84r.csau.ap.rsa.net,192.168.31.38' (ECDSA) to the list of known hosts. Password: sbr_administration.xml 100% 12KB 11.5KB/s 00:00 rsaadmin@am84p:~>
Alternatively, contact RSA Customer Support and provide software version information on your Authentication Manager instance in order to obtain a suitable copy of the sbr_administration.xml file.
Notes
Contact information for RSA Customer Support is available at URL How to contact RSA Support
Related Articles
The RSA Authentication Manager 8.x RSA RADIUS Server Operations Console Service Stops with a FAILED State. Number of Views RSA RADIUS Overview Number of Views Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager Number of Views How to Enable RADIUS Debug and Verbose Logs in RSA Authentication Manager 8.6 and Later Number of Views Functionality requiring the retrieval of encrypted passwords is failing after a database restore in RSA Identity Governanc… Number of Views
Trending Articles
How to Download OTP Token Seed Files from myRSA RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8
Don't see what you're looking for?
