Article Number
000035550
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web
RSA Version/Condition: 8.0 for Apache Web Server
Platform: Linux
O/S Version: RHEL
Issue
When running acestatus, the error below is reported:
Error can't connect to ACE/Server
Also when running acetest, the error below is seen:
AceInitialize failed
Cause
The Apache web agent works in two modes: UDP (default) and TCP. In TCP mode, the hostname of the machine is set as the name of the agent entry in the Security Console. The two must match exactly and must be the same as the name in rsa_api.properties.
Resolution
- Set the environment variable USEUDP_ENV_VAR to false.
export USEUDP_ENV_VAR=false
- Get the proper hostname of the machine:
hostnamectl status
Note: The static, pretty and transient hostnames must be the same. If they need to be changed, use the following syntax:
# hostnamectl set-hostname "Your Host Name Here"
# hostnamectl set-hostname "Your Host Name Here" --pretty
# hostnamectl set-hostname "Your Host Name Here" --static
# hostnamectl set-hostname "Your Host Name Here" --transient
- Set that name properly in rsa_api.properties along with the following other settings:
# Name of the agent. The same needs to be configured in AM. Default value is the Hostname of the machine
RSA_AGENT_NAME = <hostname of the Linux server>
...
...
...
# Path of the AM configuration file.
# For Windows
# SDCONF_LOC = C:\RSA_AuthSDK\sdconf.rec
# For Non-Windows
SDCONF_LOC = /var/ace/sdconf.rec
...
...
...
# Folder location where "config.xml", "bootstrap.xml" and "root.cer" will be created.
# For Windows
# RSA_CONFIG_DATA_LOC = C:\RSA_AuthSDK
# For Non-Windows
RSA_CONFIG_DATA_LOC = /var/ace/
Note 1: RSA_AGENT_NAME must be set here exactly as it is written in the Security Console.
Note 2: RSA_CONFIG_DATA_LOC is the location of the files needed for TCP, and it will be inside a directory with the name of the agent set above.
- Start the Apache server using the command below.
httpd -k start
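The checks in the steps above can be scripted and run before starting Apache. This is an added example, not part of the RSA article or the agent software; the function names prop_get and check_tcp_agent and the properties file path passed as the first argument are assumptions. The agent entry name in the Security Console cannot be read locally and still has to be compared by hand.

```shell
#!/bin/sh
# Added example (not RSA code): pre-flight check for the TCP-mode settings above.
# Assumption: the path to rsa_api.properties is passed as the first argument.

# prop_get FILE KEY: print the value of "KEY = value", skipping commented lines.
prop_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_tcp_agent FILE STATIC PRETTY TRANSIENT
# Prints one line per problem found; returns 0 only when nothing is wrong.
check_tcp_agent() {
    props=$1 static=$2 pretty=$3 transient=$4 rc=0
    if [ "${USEUDP_ENV_VAR:-}" != "false" ]; then
        echo "USEUDP_ENV_VAR is '${USEUDP_ENV_VAR:-unset}', expected 'false'"; rc=1
    fi
    if [ "$static" != "$pretty" ] || [ "$static" != "$transient" ]; then
        echo "hostnames differ: static='$static' pretty='$pretty' transient='$transient'"; rc=1
    fi
    agent=$(prop_get "$props" RSA_AGENT_NAME)
    if [ "$agent" != "$static" ]; then
        echo "RSA_AGENT_NAME '$agent' does not match hostname '$static'"; rc=1
    fi
    sdconf=$(prop_get "$props" SDCONF_LOC)
    if [ ! -r "$sdconf" ]; then
        echo "SDCONF_LOC '$sdconf' is missing or unreadable"; rc=1
    fi
    return $rc
}

# Run against the live host when a properties path is given on the command line.
if [ $# -eq 1 ]; then
    check_tcp_agent "$1" "$(hostnamectl --static)" \
        "$(hostnamectl --pretty)" "$(hostnamectl --transient)"
fi
```

The comparison is an exact string match, so a difference in case or a short name versus a fully qualified name is reported as a mismatch.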
Notes
- In UDP mode, neither the Config location nor the rsa_api.properties file is used. UDP agent entries in AM Security Console usually resolve to the hostname.
- The node secret file (securid) is only utilized in the UDP mode.
- UDP is the default method of communication used and more information can be found in the Apache Agent Guide.
- TCP was not utilized until Apache agent 8.0 and above, which uses Agent API ver. 8.5 and above. TCP agent entries in Security Console usually must resolve to the agent name configured in rsa_api.properties. You can create a single agent entry in Security Console for multiple (1000s of) TCP agents, provided all agents have the same agent name configured in their rsa_api.properties file.