This article explains and provides a solution for issues which are seen when trying to connect to the RSA web tier from the internet. The requests to the web tier are being routed through a load balancer; in this case, Azure App Gateway.

The Authentication Manager server was unable to identify the incoming requests though the the backend instance IP addresses of the Azure App Gateway added under the Virtual Host load balancer page in the Operations Console.

• On the side of the end user who is trying to access the web tier console from the internet to login, the following error is seen:

• In the /opt./rsa/am/server/ImsTrace.log collected from the Authentication Manager server the following errors are registered:

ERROR	16042	Execute command	Administrator “SYSTEM” attempted to execute command “com.rsa.ims.sso.service.CheckAccessCommand”	Failure	Unexpected exception caught	SYSTEM
UNEXPECTED_EXCEPTION	Webtier.selfservice.com		XX.XX,XX.XX	system.com.rsa.command.CommandServerEngine	com.rsa.ims.sso.service.CheckAccessCommand
com.rsa.common.SystemException: Access denied. The authentication request was routed through a load balancer/Proxy server that is not recognized by the system.

• On the Authentication Manager server System Activity Report (Reporting > Reports > Add New or Manage Existing), the following errors are shown:

com.rsa.command.AuditedLocalizableSystemException: COMMAND_EXECUTION_UNEXPECTED_ERRORcom.rsa.command.AuditedLocalizableSystemException: COMMAND_EXECUTION_UNEXPECTED_ERROR Caused by:
com.rsa.common.SystemException: Unable to perform pre-Login process... Caused by: java.net.UnknownHostException: XX.XX.XX.XX:XXXX: invalid IPv6 address at
java.net.InetAddress.getAllByName(InetAddress.java:1170) at java.net.InetAddress.getAllByName(InetAddress.java:1127) at java.net.InetAddress.getByName(InetAddress.java:1077) at
com.rsa.ims.sso.service.SSOPreLoginCommand.performExecute(SSOPreLoginCommand.java:160) at com.rsa.ims.sso.service.SSOPreLoginCommand.performExecute(SSOPreLoginCommand.java:280)