RSA RADIUS server fails to start on an RSA Authentication Manager 8.x Instance
Originally Published: 2020-07-17
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Platform: Linux
O/S Version: SUSE Enterprise Linux
Issue
An administrator has noticed the RSA RADIUS server is in a [SHUTDOWN] state when checking the status of the Authentication Manager services with the command: /opt/rsa/am/server/rsaserv status all
Example:
rsaadmin@am84p:~> /opt/rsa/am/server/rsaserv status all RSA Database Server [RUNNING] RSA Administration Server with Operations Console [RUNNING] RSA RADIUS Server Operations Console [RUNNING] RSA Runtime Server [RUNNING] RSA RADIUS Server [SHUTDOWN] RSA Console Server [RUNNING] RSA Replication (Primary) [RUNNING] rsaadmin@am84p:~>
A review of the RSA RADIUS log file (that is yyyymmdd.log | 20200717.log) in the /opt/rsa/am/radius folder reports the following message on startup:
... ... ... 07/16/2020 13:05:23 Radius Authentication Server started ... 07/16/2020 13:05:23 ../radacctd.c radAcctMasterThread 280 Entering 07/16/2020 13:05:23 Starting DCF system 07/16/2020 13:05:23 DCF system failed to start (hr = -2147467259 from dcfWaitStarted) 07/16/2020 13:05:23 failed to start Radius Server ... 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (2) from: dcfInitThreadContext.cpp:60 07/16/2020 13:05:23 system.log: message: aborting start up process due to exception 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (3) from: dcfInitThread.cpp:241 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 Initialization failure, server shutting down 07/16/2020 13:05:23 Shutting down Radius Authentication Server ... 07/16/2020 13:05:23 Uninitializing authentication libraries 07/16/2020 13:05:23 Destroyed instance of SecurID authentication library 07/16/2020 13:05:23 Uninitializing Radius network comm 07/16/2020 13:05:23 ../radauthd.c radAuthMain() 264 Exiting 07/16/2020 13:05:24 ../radacctd.c radAcctMasterThread 513 Exiting 07/16/2020 13:05:24 Shutting down Radius Accounting Server ... 07/16/2020 13:05:24 Uninitializing Radius Accounting comm 07/16/2020 13:05:24 ../radacctd.c radAcctMain() 222 Exiting 07/16/2020 13:05:24 Server shut down after failure
Cause
Resolution
Where there is another Authentication Manager instance in the Authentication Manager deployment with a running RSA RADIUS Server then an administrator could use the following steps:
- Logon to the command line using the operating system account, e.g., rsaadmin
- To copy the sbr_administration.xml file from another Authentication Manager instance use this command: scp rsaadmin@{AM_instance_FQDN}:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius
** substitute {AM_instance_FQDN} with the fully qualified hostname (or IP address) of the other Authentication Manager instance
Example:
Alternatively, contact RSA Customer Support and provide software version information on your Authentication Manager instance in order to obtain a suitable copy of the sbr_administration.xml file.Example:
rsaadmin@am84p:~> scp rsaadmin@am84r.csau.ap.rsa.net:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius The authenticity of host 'am84r.csau.ap.rsa.net (192.168.31.38)' can't be established. ECDSA key fingerprint is SHA256:XVnMbmVf2NwWY1HIp7M88nIETHoXlm6qcwyQJzVJ2Og. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'am84r.csau.ap.rsa.net,192.168.31.38' (ECDSA) to the list of known hosts. Password: sbr_administration.xml 100% 12KB 11.5KB/s 00:00 rsaadmin@am84p:~>
Notes
Related Articles
RSA MFA Agent 2.1.1 for Microsoft Windows Installation and Administration Guide Number of Views RSA MFA Agent 2.1 for Microsoft Windows Installation and Administration Guide Number of Views rsa_mfa_agent_windows_2.1.4_installation_administration_guide.pdf Number of Views Envelope a message for another user when the current user (current session) does not have a registered keypair Number of Views How to bypass RSA SecurID multiple domain authentication page Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
