This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Testing TCP ports on RSA Authentication Manager 8.x instances

Article Number

000063361

Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  RSA Authentication Manager
RSA Version/Condition:  8.1 SP1 or later
Platform: Linux

Issue

An administrator has a requirement to check the presence of TCP ports on Authentication Manager instances in a deployment in case a firewall or other device is blocking communication between the primary and replica instance(s).

Resolution

This knowledge article provides a Linux shell script which can be executed on any Authentication Manager instance in a deployment to check the presence of TCP ports; for example, replication ports 7002 TCP, 1812 TCP, 1813 TCP.

The Linux shell script must be run with root privileges and requires the Operations Console username and password to read the Authentication Manager hostnames stored in the Authentication Manager database. The Linux shell script will use the Authentication Manager hostnames to perform name resolution via configured domain name server(s) and check for the presence of TCP ports on these Authentication Manager instances.

Installation

  1. Download and copy the attached commcheck.sh shell script into the /tmp folder on an Authentication Manager instance in the deployment.  Review the following article on how to enable Secure Shell on the Appliance, if needed.  Where SSH has been enabled, a secure FTP client, such as WinSCP can be used to copy the shell script into the /tmp folder.
  2. Change the permissions of the commcheck.sh so it can be run at the command line:

chmod 755 /tmp/commcheck.sh

Usage

  1. Logon to the Authentication Manger instance with the rsaadmin account, either in an SSH session or at the local console.
  2. Change the privileges of the rsaadmin account using the command:

sudo su -
Note that if you do not change the privileges of the rsaadmin account the following message appears:

You must be the root user to use this program; exiting...
  1. Go to the /tmp folder using the command:

cd /tmp
  1. The shell script can be executed in one of two ways, as Operations Console user credentials are required.  Note that in the first example the Operations Console admin password will be displayed in clear text, while in option two it is masked.

cd /tmp
./commcheck.sh <Operations Console admin name> <Operations Console admin password>
Checking OC credentials.. 
OC credentials validated... redirecting to menu..
or

cd /tmp
./commcheck.sh 
Checking OC credentials....missing OC credentials!

Please enter OC Administrator username: <Operations Console admin name> 
Please enter OC Administrator password: <Operations Console admin password>
 
OC credentials validated... redirecting to menu..
  1. The shell script menu displays:

RSA Customer Support (Asia Pacific)

Communications Check - AM TCP ports

1) Display Authentication Manager Hostnames
2) Perform Communications Check
3) Generate a Report
9) Exit

Please select an option


Display Authentication Manager Hostnames

Option 1 will read the Authentication Manager hostnames from the Authentication Manager database and displays them on the screen.
For example:

RSA Customer Support (Asia Pacific)

Communications Check - AM TCP ports

1) Display Authentication Manager Hostnames
2) Perform Communications Check
3) Generate a Report
9) Exit

Please select an option
1

Retrieving hostnames of AM instances..

Primary is am86p.securidcsapj.local with IP address 10.0.0.226

Replica is am86r.securidcsapj.local with IP address 10.0.0.227

Done!

Press any key to continue...


Perform Communications Check

Option 2 uses the Authentication Manager hostnames to perform a name lookup using DNS and then checks for the presence of the TCP ports.  For example:

RSA Customer Support (Asia Pacific)

Communications Check - AM TCP ports

1) Display Authentication Manager Hostnames
2) Perform Communications Check
3) Generate a Report
9) Exit

Please select an option
2

Communications Check..

 - this Authentication Manager is am86p.securidcsapj.local using software version 8.6.0.2.0

 - Primary is am86p.securidcsapj.local with IP address 10.0.0.226

Name Resolution via DNS - hostname lookup

;; connection timed out; no servers could be reached

PING am86p.securidcsapj.local (10.0.0.226) 56(84) bytes of data.
64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from am86p.securidcsapj.local (10.0.0.226): icmp_seq=4 ttl=64 time=0.038 ms

--- am86p.securidcsapj.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.027/0.038/0.046/0.010 ms

Name Resolution via DNS - IP address lookup

;; connection timed out; no servers could be reached

PING 10.0.0.226 (10.0.0.226) 56(84) bytes of data.
64 bytes from 10.0.0.226: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 10.0.0.226: icmp_seq=2 ttl=64 time=0.047 ms
64 bytes from 10.0.0.226: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 10.0.0.226: icmp_seq=4 ttl=64 time=0.035 ms

--- 10.0.0.226 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.030/0.041/0.055/0.012 ms

TCP Port Checks

Authentication port
-------------------
am86p.securidcsapj.local authn port 5500 success
am86p.securidcsapj.local authn port 5555 success

Replication ports
-----------------
am86p.securidcsapj.local replication port 7002 success
am86p.securidcsapj.local replication port 1812 LOCAL ACCESS ONLY in 8.6.0.2.0
am86p.securidcsapj.local replication port 1813 NOT USED in 8.6.0.2.0

Adjudicator port
----------------
am86p.securidcsapj.local adjudicator port 7022 success

Console ports
------------
am86p.securidcsapj.local security console port 7004 success
am86p.securidcsapj.local operations console port 7072 success
am86p.securidcsapj.local https port 443 success

SSH port
--------
am86p.securidcsapj.local ssh port 22 success

AM Services ports
-----------------
am86p.securidcsapj.local auto-reg port 5550 success
am86p.securidcsapj.local offline auth port 5580 success

Required by Promotion feature
-----------------------------
am86p.securidcsapj.local radius configure port 7082 success

Name Resolution via DNS - hostname lookup

;; connection timed out; no servers could be reached

PING am86r.securidcsapj.local (10.0.0.227) 56(84) bytes of data.
64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=2 ttl=64 time=0.771 ms
64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=3 ttl=64 time=0.263 ms
64 bytes from am86r.securidcsapj.local (10.0.0.227): icmp_seq=4 ttl=64 time=0.524 ms

--- am86r.securidcsapj.local ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.263/0.548/0.771/0.188 ms

Name Resolution via DNS - IP address lookup

;; connection timed out; no servers could be reached

PING 10.0.0.227 (10.0.0.227) 56(84) bytes of data.
64 bytes from 10.0.0.227: icmp_seq=1 ttl=64 time=0.478 ms
64 bytes from 10.0.0.227: icmp_seq=2 ttl=64 time=0.397 ms
64 bytes from 10.0.0.227: icmp_seq=3 ttl=64 time=0.415 ms
64 bytes from 10.0.0.227: icmp_seq=4 ttl=64 time=0.344 ms

--- 10.0.0.227 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.344/0.408/0.478/0.051 ms

TCP Port Checks

Authentication port
-------------------
am86r.securidcsapj.local authn port 5500 success
am86r.securidcsapj.local authn port 5555 FAILED

Replication ports
-----------------
am86r.securidcsapj.local replication port 7002 success
am86r.securidcsapj.local replication port 1812 LOCAL ACCESS ONLY in 8.6.0.2.0
am86r.securidcsapj.local replication port 1813 NOT USED in 8.6.0.2.0

Adjudicator port
----------------
am86r.securidcsapj.local adjudicator port 7022 success

Console ports
------------
am86r.securidcsapj.local security console port 7004 success
am86r.securidcsapj.local operations console port 7072 success
am86r.securidcsapj.local https port 443 success

SSH port
--------
am86r.securidcsapj.local ssh port 22 success

AM Services ports
-----------------
am86r.securidcsapj.local auto-reg port 5550 success
am86r.securidcsapj.local offline auth port 5580 success

Required by Promotion feature
-----------------------------
am86r.securidcsapj.local radius configure port 7082 success

Done!

Press any key to continue...


Generate a Report

Option 3 will generate a report and provide the user with a report name. The content of the report is the same as the display when using Option 2. For example:

RSA Customer Support (Asia Pacific)

Communications Check - AM TCP ports

1) Display Authentication Manager Hostnames
2) Perform Communications Check
3) Generate a Report
9) Exit

Please select an option
3

 - please wait while a report is created.. this may take time where there are slow lookups!

..review the log file /tmp/commcheck_202204041052.log for results..

Press any key to continue...
Should a TCP port not be available then a FAILED message will be in the display output or report, as shown here:

am86p.securidcsapj.local replication port 7002 FAILED
Attachments
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-05-03 01:00 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.