Testing TCP ports on RSA Authentication Manager 8.x instances with a script (Script attached)
Originally Published: 2018-01-11
Applies To
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 SP1 or later
Platform: Linux
Issue
An administrator needs to check that the TCP ports on the Authentication Manager instances in a deployment are reachable, in case a firewall or other device is blocking communication between the primary and replica instance(s).
Resolution
The Linux shell script must be run with root privileges and requires the Operations Console username and password to read the Authentication Manager hostnames stored in the Authentication Manager database. The Linux shell script will use the Authentication Manager hostnames to perform name resolution via configured domain name server(s) and check for the presence of TCP ports on these Authentication Manager instances.
Installation
- Download the attached commcheck.sh shell script and copy it into the /tmp folder on an Authentication Manager instance in the deployment. Review the following article on how to enable Secure Shell on the Appliance, if needed. Where SSH has been enabled, a secure FTP client, such as WinSCP, can be used to copy the shell script into the /tmp folder.
- Change the permissions of commcheck.sh so it can be run at the command line:
chmod 755 /tmp/commcheck.sh
Usage
- Log on to the Authentication Manager instance with the rsaadmin account, either in an SSH session or at the local console.
- Change the privileges of the rsaadmin account using the command:
sudo su -
Note that if you do not change the privileges of the rsaadmin account the following message appears:
You must be the root user to use this program; exiting...
- Go to the /tmp folder using the command:
cd /tmp
- Run the shell script in one of two ways; both require Operations Console user credentials. Note that in the first option the Operations Console admin password is given on the command line and is displayed in clear text, while in the second option the script prompts for it and the input is masked.
    cd /tmp
    ./commcheck.sh <Operations Console admin name> <Operations Console admin password>
    Checking OC credentials..
    OC credentials validated... redirecting to menu..
or
    cd /tmp
    ./commcheck.sh
    Checking OC credentials....missing OC credentials!
    Please enter OC Administrator username: <Operations Console admin name>
    Please enter OC Administrator password: <Operations Console admin password>
    OC credentials validated... redirecting to menu..
- The shell script menu displays:
    RSA Customer Support (Asia Pacific)
    Communications Check - AM TCP ports
    1) Display Authentication Manager Hostnames
    2) Perform Communications Check
    3) Generate a Report
    9) Exit
    Please select an option
Display Authentication Manager Hostnames
Option 1 reads the Authentication Manager hostnames from the Authentication Manager database and displays them on the screen. For example:
    RSA Customer Support (Asia Pacific)
    Communications Check - AM TCP ports
    1) Display Authentication Manager Hostnames
    2) Perform Communications Check
    3) Generate a Report
    9) Exit
    Please select an option 1
    Retrieving hostnames of AM instances..
    Primary is am86p.securidcsapj.local with IP address 10.0.0.226
    Replica is am86r.securidcsapj.local with IP address 10.0.0.227
    Done!
    Press any key to continue...
Perform Communications Check
Option 2 uses the Authentication Manager hostnames to perform a name lookup using DNS and then checks for the presence of the TCP ports. For example:
    RSA Customer Support (Asia Pacific)
    Communications Check - AM TCP ports
    1) Display Authentication Manager Hostnames
    2) Perform Communications Check
    3) Generate a Report
    9) Exit
    Please select an option 2
    Communications Check..
    - this Authentication Manager is am86p.securidcsapj.local using software version 8.6.0.2.0
    - Primary is am86p.securidcsapj.local with IP address 10.0.0.226
    Name Resolution via DNS - hostname lookup
    ;; connection timed out; no servers could be reached
    PING am86p.securidcsapj.local (10.0.0.226) 56(84) bytes of data.
    64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=1 ttl=64 time=0.027 ms
    64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=2 ttl=64 time=0.044 ms
    64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=3 ttl=64 time=0.046 ms
    64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=4 ttl=64 time=0.038 ms
    --- am86p.securidcsapj.local ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2997ms
    rtt min/avg/max/mdev = 0.027/0.038/0.046/0.010 ms
    Name Resolution via DNS - IP address lookup
    ;; connection timed out; no servers could be reached
    PING 10.0.0.226 (10.0.0.226) 56(84) bytes of data.
    64 bytes from 10.0.0.226: icmp_seq=1 ttl=64 time=0.030 ms
    64 bytes from 10.0.0.226: icmp_seq=2 ttl=64 time=0.047 ms
    64 bytes from 10.0.0.226: icmp_seq=3 ttl=64 time=0.055 ms
    64 bytes from 10.0.0.226: icmp_seq=4 ttl=64 time=0.035 ms
    --- 10.0.0.226 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2998ms
    rtt min/avg/max/mdev = 0.030/0.041/0.055/0.012 ms
    TCP Port Checks
    Authentication port
    -------------------
    am86p.securidcsapj.local authn port 5500 success
    am86p.securidcsapj.local authn port 5555 success
    Replication ports
    -----------------
    am86p.securidcsapj.local replication port 7002 success
    am86p.securidcsapj.local replication port 1812 LOCAL ACCESS ONLY in 8.6.0.2.0
    am86p.securidcsapj.local replication port 1813 NOT USED in 8.6.0.2.0
    Adjudicator port
    ----------------
    am86p.securidcsapj.local adjudicator port 7022 success
    Console ports
    ------------
    am86p.securidcsapj.local security console port 7004 success
    am86p.securidcsapj.local operations console port 7072 success
    am86p.securidcsapj.local https port 443 success
    SSH port
    --------
    am86p.securidcsapj.local ssh port 22 success
    AM Services ports
    -----------------
    am86p.securidcsapj.local auto-reg port 5550 success
    am86p.securidcsapj.local offline auth port 5580 success
    Required by Promotion feature
    -----------------------------
    am86p.securidcsapj.local radius configure port 7082 success
    Name Resolution via DNS - hostname lookup
    ;; connection timed out; no servers could be reached
    PING am86r.securidcsapj.local (10.0.0.227) 56(84) bytes of data.
    64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=1 ttl=64 time=0.637 ms
    64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=2 ttl=64 time=0.771 ms
    64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=3 ttl=64 time=0.263 ms
    64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=4 ttl=64 time=0.524 ms
    --- am86r.securidcsapj.local ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3002ms
    rtt min/avg/max/mdev = 0.263/0.548/0.771/0.188 ms
    Name Resolution via DNS - IP address lookup
    ;; connection timed out; no servers could be reached
    PING 10.0.0.227 (10.0.0.227) 56(84) bytes of data.
    64 bytes from 10.0.0.227: icmp_seq=1 ttl=64 time=0.478 ms
    64 bytes from 10.0.0.227: icmp_seq=2 ttl=64 time=0.397 ms
    64 bytes from 10.0.0.227: icmp_seq=3 ttl=64 time=0.415 ms
    64 bytes from 10.0.0.227: icmp_seq=4 ttl=64 time=0.344 ms
    --- 10.0.0.227 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2997ms
    rtt min/avg/max/mdev = 0.344/0.408/0.478/0.051 ms
    TCP Port Checks
    Authentication port
    -------------------
    am86r.securidcsapj.local authn port 5500 success
    am86r.securidcsapj.local authn port 5555 FAILED
    Replication ports
    -----------------
    am86r.securidcsapj.local replication port 7002 success
    am86r.securidcsapj.local replication port 1812 LOCAL ACCESS ONLY in 8.6.0.2.0
    am86r.securidcsapj.local replication port 1813 NOT USED in 8.6.0.2.0
    Adjudicator port
    ----------------
    am86r.securidcsapj.local adjudicator port 7022 success
    Console ports
    ------------
    am86r.securidcsapj.local security console port 7004 success
    am86r.securidcsapj.local operations console port 7072 success
    am86r.securidcsapj.local https port 443 success
    SSH port
    --------
    am86r.securidcsapj.local ssh port 22 success
    AM Services ports
    -----------------
    am86r.securidcsapj.local auto-reg port 5550 success
    am86r.securidcsapj.local offline auth port 5580 success
    Required by Promotion feature
    -----------------------------
    am86r.securidcsapj.local radius configure port 7082 success
    Done!
    Press any key to continue...
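The TCP part of Option 2 can also be run from any other Linux host, for example to test the path from a replica's network segment. The following is an added example, not RSA's commcheck.sh: it takes hostnames as arguments instead of reading them from the Authentication Manager database, uses the port list from the 8.6.0.2.0 sample output above, and assumes bash and the coreutils timeout command are installed.

```shell
#!/bin/sh
# Added example, not RSA's commcheck.sh. Needs bash (for /dev/tcp) and timeout.
# port:label pairs copied from the 8.6.0.2.0 sample output in this article;
# 1812 and 1813 are omitted because that output marks them local-only / not used.
AM_PORTS='5500:authn 5555:authn 7002:replication 7022:adjudicator
7004:security_console 7072:operations_console 443:https 22:ssh
5550:auto-reg 5580:offline_auth 7082:radius_configure'

# check_port HOST PORT: 0 = connected, 124 = timed out, other = refused/unreachable.
# Host and port reach the inner shell as positional parameters ($0, $1) and are
# never pasted into its command string, so odd hostnames cannot inject commands.
check_port() {
    timeout "${CONNECT_TIMEOUT:-3}" \
        bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_line HOST LABEL PORT: print one result line in the article's style.
# A timeout usually means packets are silently dropped on the path; an immediate
# failure means the connection was refused or the host could not be reached.
check_line() {
    rc=0
    check_port "$1" "$3" || rc=$?
    case $rc in
        0)   echo "$1 $2 port $3 success" ;;
        124) echo "$1 $2 port $3 FAILED (timed out)" ;;
        *)   echo "$1 $2 port $3 FAILED (refused or unreachable)" ;;
    esac
}

# check_host HOST: check every port in AM_PORTS; return 1 if any FAILED.
check_host() {
    bad=0
    for entry in $AM_PORTS; do
        label=$(echo "${entry#*:}" | tr '_' ' ')
        line=$(check_line "$1" "$label" "${entry%%:*}")
        echo "$line"
        case $line in *FAILED*) bad=1 ;; esac
    done
    return "$bad"
}

# Usage: sh portcheck.sh <AM hostname> [<AM hostname> ...]
if [ "$#" -gt 0 ]; then
    status=0
    for h in "$@"; do check_host "$h" || status=1; done
    exit "$status"
fi
```

The script exits non-zero when any port on any host fails, so it can be used in a scheduled check.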
Generate a Report
Option 3 will generate a report and provide the user with a report name. The content of the report is the same as the display when using Option 2. For example:
    RSA Customer Support (Asia Pacific)
    Communications Check - AM TCP ports
    1) Display Authentication Manager Hostnames
    2) Perform Communications Check
    3) Generate a Report
    9) Exit
    Please select an option 3
    - please wait while a report is created.. this may take time where there are slow lookups!
    ..review the log file /tmp/am86p_commcheck_202204041052.log for results..
    Press any key to continue...
If a TCP port is not available, a FAILED message appears in the display output or report, as shown here:
    am86p.securidcsapj.local replication port 7002 FAILED
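To triage a saved Option 3 report without reading it line by line, the FAILED lines can be pulled out with awk. This is an added example, not part of commcheck.sh; it assumes the report has one result per line in the layout shown in this article, and it also counts the "no servers could be reached" lookup errors that appear in the sample output, since they mean the DNS lookup got no answer from any configured name server.

```shell
#!/bin/sh
# Added example, not part of commcheck.sh: summarise a commcheck report.

# summarize_report FILE: print "FAIL <host> <port> <service>" for each FAILED
# port line, plus a "DNS" line if any lookup got no answer; return 1 if
# anything was flagged, 0 if the report is clean.
summarize_report() {
    awk '
        /no servers could be reached/ { dns++ }
        / port [0-9]+ FAILED/ {
            # Line layout: <host> <service words...> port <number> FAILED
            svc = ""
            for (i = 2; i <= NF && $i != "port"; i++)
                svc = svc (svc == "" ? "" : " ") $i
            printf "FAIL %s %s %s\n", $1, $(i + 1), svc
            bad++
        }
        END {
            if (dns) printf "DNS %d lookup(s) got no answer from a name server\n", dns
            exit ((bad || dns) ? 1 : 0)
        }' "$1"
}

# Constructed sample: result lines copied from this article's example output.
sample_report() {
    cat <<'EOF'
Name Resolution via DNS - hostname lookup
;; connection timed out; no servers could be reached
am86r.securidcsapj.local authn port 5500 success
am86r.securidcsapj.local authn port 5555 FAILED
am86r.securidcsapj.local replication port 1812 LOCAL ACCESS ONLY in 8.6.0.2.0
am86r.securidcsapj.local security console port 7004 success
am86p.securidcsapj.local replication port 7002 FAILED
EOF
}

# Usage: sh summarize.sh /tmp/<report name>.log
if [ "$#" -gt 0 ]; then summarize_report "$1"; fi
```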