This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
SteveRuckstuhl
Beginner
Beginner
‎2016-09-13 05:54 AM

Standard agent does not speak with RSA AM 8.1

HI.

 

Authentication Activity monitor shows no communication between the RSA agent and RSA AM.

RSA Agent was working fine before...have no idea about any changes that caused the problem.

If I compare with other instances on separate environnment, I noticed that RSA AM listen on ports 5550 and 5580.

This is not the case on the defect environment.

We have only one instance (no replica).
All RSA AM services are up, but something seems to be sleeping...a service on RSA AM that does not listen on port 5550 and 55580.

We have no Firewall between the agent and the RSA AM. The Windows firewall is unactive on the agent side.

We have RSA AM 8.1 .

Labels (1)
Labels
0 Likes
Reply
3 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2016-09-13 02:20 PM

Steve Ruckstuhl,

 

  • Is only one agent failing to authenticate or multiple agents?  Which agent(s) are you testing?  We have several options:
  • The Microsoft Windows agent,
  • Web agents for both IIS and for Apache,
  • A PAM agent,
  • An agent for AD FS, and
  • An agent for Citrix StoreFront?

 

  • Please provide the type of agent as well as the version number.  Also, are you using native SecurID or RADIUS as the authentication protocol?
  • How many IP addresses does the agent machine have?  Did you configure an IP address override in the agent interface or in the sdopts.rec file?
  • You mentioned that the agent was working fine before.  Before what?  Was the agent upgraded or your server?  What other change(s) happened?
  • Authentication Manager and the agent communicate on 5550TCP for agent auto registration, your agents use DHCP to get their IP address, and on 5580TCP for communication regarding offline authentication.  
  • For a normal authentication, we use 5500UDP.  Please confirm that this port is open.  If you are not seeing the authentication attempt in the authentication activity monitor, you can enable agent logging and provide the log files to RSA support for review.

I'd suggest enabling tracing on the agent but the process is different for each agent, so I will wait on that until you reply.

 

Regards,

Erica

0 Likes
Reply
SteveRuckstuhl
Beginner
Beginner
In response to _EricaChalfin
‎2016-09-14 03:18 AM

Hi,

I found the issue yesterday.

So we can close the case.

 

thanks

Preview file
1 KB
Preview file
1 KB
0 Likes
Reply
AndreLocker
Occasional Contributor
Occasional Contributor
In response to SteveRuckstuhl
‎2016-09-27 12:55 PM

Hi Steve, i was wondering what the issue was. i'm having a similar problem on my rsa AM. Cab you let me know as it might help me out. Thx!

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.