This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Authentication using acetest fails TRANSACTION_ROLLBACK on real time authentication activity monitor for RSA Authentication Agent 8.0.x for Web: Apache Web Server

Article Number

000038116

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Agent for Web:  Apache
RSA Version/Condition: 8.0.x

Issue

RSA Authentication Agent for Web: Apache Web Server is installed on a Red Hat Enterprise Linux (Red Hat Enterprise Linux) server. An authentication attempt using the acetest utility fails with the following error on real-time authentication activity monitor:

TRANSACTION_ROLLBACK

Cause

The authentication request is coming from an invalid IP address. The agent record on the RSA Authentication Manager server was configured with one IP address, and the request is coming from another IP address.

Also, the acestatus output showed a Server Active Address: 0.0.0.0154.236 which indicates a corrupt sdconf.rec file.

Resolution

  1. Connect to Security Console for the primary RSA Authentication Manager server
  2. Navigate to Access > Authentication Agents > Generate Configuration File and download the AMconfig.zip.
  3. Extract the sdconf.rec file from the .zip.
  4. Replace the existing sdconf.rec file on the Apache server with the one extracted above.
  5. Run the command acestatus and ensure that the correct primary server IP address is displayed.
  6. From the primary's Security Console, navigate to Access > Authentication Agents > Manage Existing and locate the agent that is having the issue.
  7. Click the context arrow next to the agent name and choose Delete.
  8. Open a real time authentication activity monitor (Reports > Real Time Monitors > Authentication Activity Monitor) and press Start Monitor.
  9.  Perform the authentication using acetest. Notice the message on real-time authentication activity monitor and jot down the IP address:
Agent host not found n.n.n.n
  1. Navigate to navigate to Access > Authentication Agents > Add New.
  2. Recreate the agent record in the Security Console using the IP address noted in Step 9 above.
  3. On the Apache web server, edit the sdopts.rec file to add the CLIENT_IP value in the format below.  Replace the n.n.n.n value with the IP address in Step 9:
CLIENT_IP=n.n.n.n
  1. Perform authentication using acetest.  Authentication will be successful.
  2. Restart the Apache web server.
  3. Perform the authentication on the web page to confirm.

 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 12:58 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.