This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Announcements
SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
- RSA Community
- :
- Products
- :
- SecurID
- :
- Knowledge Base
- :
- RSA RADIUS server fails to start on an RSA Authentication Manager 8.x Instance
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
RSA RADIUS server fails to start on an RSA Authentication Manager 8.x Instance
Article Number
000039140
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Platform: Linux
O/S Version: SUSE Enterprise Linux
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Platform: Linux
O/S Version: SUSE Enterprise Linux
Issue
RADIUS Authentication requests are failing.
An administrator has noticed the RSA RADIUS server is in a [SHUTDOWN] state when checking the status of the Authentication Manager services with the command: /opt/rsa/am/server/rsaserv status all
Example:
A review of the RSA RADIUS log file (that is yyyymmdd.log | 20200717.log) in the /opt/rsa/am/radius folder reports the following message on startup:
An administrator has noticed the RSA RADIUS server is in a [SHUTDOWN] state when checking the status of the Authentication Manager services with the command: /opt/rsa/am/server/rsaserv status all
Example:
rsaadmin@am84p:~> /opt/rsa/am/server/rsaserv status all RSA Database Server [RUNNING] RSA Administration Server with Operations Console [RUNNING] RSA RADIUS Server Operations Console [RUNNING] RSA Runtime Server [RUNNING] RSA RADIUS Server [SHUTDOWN] RSA Console Server [RUNNING] RSA Replication (Primary) [RUNNING] rsaadmin@am84p:~>
A review of the RSA RADIUS log file (that is yyyymmdd.log | 20200717.log) in the /opt/rsa/am/radius folder reports the following message on startup:
... ... ... 07/16/2020 13:05:23 Radius Authentication Server started ... 07/16/2020 13:05:23 ../radacctd.c radAcctMasterThread 280 Entering 07/16/2020 13:05:23 Starting DCF system 07/16/2020 13:05:23 DCF system failed to start (hr = -2147467259 from dcfWaitStarted) 07/16/2020 13:05:23 failed to start Radius Server ... 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException (HRESULT: 80004005) 07/16/2020 13:05:23 system.log: (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069 07/16/2020 13:05:23 system.log: message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml! 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (1) from: dcfInitThreadContext.cpp:59 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (2) from: dcfInitThreadContext.cpp:60 07/16/2020 13:05:23 system.log: message: aborting start up process due to exception 07/16/2020 13:05:23 system.log: ----------------------------------------------------------------------------- 07/16/2020 13:05:23 system.log: (3) from: dcfInitThread.cpp:241 07/16/2020 13:05:23 system.log: message: Exception Handled 07/16/2020 13:05:23 Initialization failure, server shutting down 07/16/2020 13:05:23 Shutting down Radius Authentication Server ... 07/16/2020 13:05:23 Uninitializing authentication libraries 07/16/2020 13:05:23 Destroyed instance of SecurID authentication library 07/16/2020 13:05:23 Uninitializing Radius network comm 07/16/2020 13:05:23 ../radauthd.c radAuthMain() 264 Exiting 07/16/2020 13:05:24 ../radacctd.c radAcctMasterThread 513 Exiting 07/16/2020 13:05:24 Shutting down Radius Accounting Server ... 07/16/2020 13:05:24 Uninitializing Radius Accounting comm 07/16/2020 13:05:24 ../radacctd.c radAcctMain() 222 Exiting 07/16/2020 13:05:24 Server shut down after failure
Cause
The reason the RSA RADIUS server will not startup is because the /opt/rsa/am/radius folder has a missing file called sbr_administration.xml.
Resolution
An administrator will need to restore the missing file called sbr_administration.xml.
Where there is another Authentication Manager instance in the Authentication Manager deployment with a running RSA RADIUS Server then an administrator could use the following steps:
Where there is another Authentication Manager instance in the Authentication Manager deployment with a running RSA RADIUS Server then an administrator could use the following steps:
- Logon to the command line using the operating system account, e.g., rsaadmin
- To copy the sbr_administration.xml file from another Authentication Manager instance use this command: scp rsaadmin@{AM_instance_FQDN}:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius
** substitute {AM_instance_FQDN} with the fully qualified hostname (or IP address) of the other Authentication Manager instance
Example:
Alternatively, contact RSA Customer Support and provide software version information on your Authentication Manager instance in order to obtain a suitable copy of the sbr_administration.xml file.Example:
rsaadmin@am84p:~> scp rsaadmin@am84r.csau.ap.rsa.net:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius The authenticity of host 'am84r.csau.ap.rsa.net (192.168.31.38)' can't be established. ECDSA key fingerprint is SHA256:XVnMbmVf2NwWY1HIp7M88nIETHoXlm6qcwyQJzVJ2Og. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'am84r.csau.ap.rsa.net,192.168.31.38' (ECDSA) to the list of known hosts. Password: sbr_administration.xml 100% 12KB 11.5KB/s 00:00 rsaadmin@am84p:~>
Notes
Contact information for RSA Customer Support is available at URL https://community.rsa.com/docs/DOC-1294
Tags (50)
- 8
- 8.3
- 8.3.x
- 8.4
- 8.4.x
- 8.5
- 8.5.x
- 8.x
- Access
- AM
- Appliance
- Auth
- Auth Issue
- Auth Manager
- Authentication
- Authentication Issue
- Authentication Manager
- Availability
- Break Fix
- Break Fix Issue
- Broken
- Customer Support Article
- Functionality
- Issue
- Issues
- KB Article
- Knowledge Article
- Knowledge Base
- Login Issue
- Problem
- RSA AM
- RSA Auth Manager
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
- RSA SecurID Suite
- SecurID
- SecurID Access
- SecurID Appliance
- SecurID Suite
- Stability
- Uptime
- Version 8
- Version 8.3
- Version 8.3.x
- Version 8.4
- Version 8.4.x
- Version 8.5
- Version 8.5.x
- Version 8.x
No ratings
