Unable to reach one of the appliances in a cluster intermittently
Originally Published: 2009-11-16
Article Number
Applies To
RSA Key Manager Appliance 2.5.0.3
BIG-IP F5 Load Balancer
Issue
Load balancer setup in the same subnet as the RKM Appliances marks one of the appliances as inactive, while the other appliance is marked as active.
A Windows box on the same subnet as the RKM Appliances can connect to (/KMS, /rkmawa, /admingui on) one of the appliances without any problem (using its IP, not through the load balancer), but can only intermittently connect to the other appliance (using its real IP) that is also marked as inactive by the Load Balancer.
Other computers on different subnet than the RKM Appliances can consistently connect successfully to both appliances (through their real IP addresses).
Cause
Resolution
Notes
1. Determine MAC address being used by the RKM Appliance Ethernet interface(s):
- Log in as root via ssh
- Type in the command "ifconfig" and make a note of IP address ('inet addr') and the corresponding MAC address for Ethernet/NIC ('HWaddr')
2. Determine MAC address for the RKM Appliance being set on the BIG-IP load balancer:
- Log in to the load balancer admin console via browser
- Go to Main -> Network -> ARP -> Dynamic List
- Confirm whether or not the MAC address listed for the RKM Appliance matches with what you get from #1 above.
- If the MAC address does not match, a temporary workaround is to delete the rogue entry from the Dynamic List and manually add the RKM Appliance IP address with the correct MAC address under Static List
3. Determine MAC address for the RKM Appliance being set on a Windows box on the same subnet:
- Open a command prompt and type in the command "arp -a". If no recent attempt has been made to connect to the RKM Appliance, the list will not show a cached entry for the RKM Appliance IP and a paired up MAC address.
- Open a browser and attempt to connect to either of /KMS, /rkmawa, or /admingui. You may get an error that page can not be displayed.
- Type in the command "arp -a" again, and check the cache entries for the RKM Appliance IP/MAC address against what you get in #1 above.
If the MAC address assigned to the RKM Appliance IP address on either Load Balancer or Windows box do not match up with what you get in step #1 above, it is an indication of a rogue device on the same subnet configured to use the same IP as the RKM Appliance.
Related Articles
Status pages very slow on one of the two appliances in a cluster Number of Views Accurate System Date and Time Settings Number of Views How user-entitlement clusters works when Role Mining in RSA Identity Governance & Lifecycle Number of Views Remote Administration failing with one of several listed errors Number of Views RSA Announces Electronic RSA SecurID Software Token Enablement Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
