ACS 5.3 Secondary Server connection problem with RSA AM 6.1

jsteffensen · ‎10-24-2012

Hi Everyone

We have 4 ACS 5.3 Servers connected as Primary and Secondary Servers.

We use a "RSA SecurID Token Servers" External userdatabase for authentications and are able to sucessfully authenticate (vpn-)users when the requests are send from the primary ACS Server.

As soon as a secondary ACS server sends the request to the RSA server the request fails. "Node verification failes"

On the RSA Authentication Manager 6.1 Server, we have created a Agent-host wich contains the 3 secondary nodes (FQDN and IP's).

The "sdconf.rec" file has been installed on theprimary ACS Server and are automatically (so it looks like) replicated to all ACS Servers.

Still none of the secondary server are able to authenticate the users agains the RSA server.

I know it looks like a RSA problem, but perhaps any of you have any experience with simular seup, and are able to give a hint.

Best Regards

Jarle Steffensen

rmachuli · ‎11-22-2012

Hi Jarle,

to have it working with RSA Authentication Manager 6.1 Server you need to create a separate host agent on RSA server for each ACS instance (primary and for all secondary servers), not enter FQDN's and IPs as a secondary nodes for only one agent host.

Next apply again sdconf.rec on ACS 5.3 and authenticate with secondary ACS and with primary ACS (in some cases you will need to clear ‘Node Secret Created’ checkbox for each ACS agent host on RSA side first and then try to authenticate).

I hope that helps

best regards

Roman Machulik