Hi all, I've recently inherited the management of our company's RSA system, and we've been experiencing this issue for some time. Currently running Authentication Manager 8.1 SP1 P09, and although I've read that you should be able to access the security console from three separate addresses (https://FQDN/, https://FQDN/sc, and https://FQDN:7004/console-ims/), only my last address is working. Doing some investigating, I also noticed that neither of my operations console links are working either(all get connection refused). We are running a primary/secondary setup on SLES11 SP2 (kernel 3.0.101-0.7.23), and it's worth mentioning that all of the addresses(including the OC ones) work just fine on my secondary system; it's only the primary can't access either of the OC and all but the last SC link.
Running "iptables -nL" from an elevated SSH bash, I get the following tidbit of info:
Chain rsaserv (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7002
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7004
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7022
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7072
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7082
However, when I run the following command: netstat -lnt | awk '$6 == "LISTEN" && $4 ~ "7072$"' I get zero results, while changing the 7072$ to 7004$ gives me five entries on the loopback and IPv4/IPv6 addresses of the server.
Is there a service that needs restarted, or should I possibly restart the entire server? Thanks in advance.
Can you tail the contents of /opt/rsa/am/server/logs/AdminServer.log and see what the stack trace is at the end of the file?
Possible fixes could include:
1. Expired console certificate -> Use /opt/rsa/am/utils/rsautil reset-server-cert
2. System modifications since that last services restart -> Try /opt/rsa/am/utils/rsautil manage-secrets -a recover
3. Sometimes I would try /opt/rsa/am/server/rsaserv stop all then /opt/rsa/am/server/rsaserv start all or reboot instead of restarting services.