000039140 - RSA RADIUS server fails to start on an RSA Authentication Manager 8.x Instance

Document created by RSA Customer Support Employee on Sep 17, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039140
Applies ToRSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 or later
Platform: Linux
O/S Version: SUSE Enterprise Linux
 
IssueRADIUS Authentication requests are failing.

An administrator has noticed the RSA RADIUS server is in a [SHUTDOWN] state when checking the status of the Authentication Manager services with the command: /opt/rsa/am/server/rsaserv status all

Example:

rsaadmin@am84p:~> /opt/rsa/am/server/rsaserv status all
RSA Database Server                                        [RUNNING]
RSA Administration Server with Operations Console          [RUNNING]
RSA RADIUS Server Operations Console                       [RUNNING]
RSA Runtime Server                                         [RUNNING]
RSA RADIUS Server                                          [SHUTDOWN]
RSA Console Server                                         [RUNNING]
RSA Replication (Primary)                                  [RUNNING]

rsaadmin@am84p:~>


A review of the RSA RADIUS log file (that is yyyymmdd.log | 20200717.log) in the /opt/rsa/am/radius folder reports the following message on startup:


...
...
...
07/16/2020 13:05:23 Radius Authentication Server started ...
07/16/2020 13:05:23 ../radacctd.c radAcctMasterThread 280 Entering
07/16/2020 13:05:23 Starting DCF system
07/16/2020 13:05:23 DCF system failed to start (hr = -2147467259 from dcfWaitStarted)
07/16/2020 13:05:23 failed to start Radius Server ...
07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException  (HRESULT: 80004005)
07/16/2020 13:05:23 system.log:   (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069
07/16/2020 13:05:23 system.log:   message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml!
07/16/2020 13:05:23 system.log:   -----------------------------------------------------------------------------
07/16/2020 13:05:23 system.log:   (1) from: dcfInitThreadContext.cpp:59
07/16/2020 13:05:23 system.log:   message: Exception Handled
07/16/2020 13:05:23 system.log: Jul 16 13:05:23: Exception: dcfIOException  (HRESULT: 80004005)
07/16/2020 13:05:23 system.log:   (0) from: /src/build/tmp.1/dcf1/inc/clients/dcfDomUtility.h:1069
07/16/2020 13:05:23 system.log:   message: Failed to retrieve DOM document: /opt/rsa/am/radius/sbr.xml!
07/16/2020 13:05:23 system.log:   -----------------------------------------------------------------------------
07/16/2020 13:05:23 system.log:   (1) from: dcfInitThreadContext.cpp:59
07/16/2020 13:05:23 system.log:   message: Exception Handled
07/16/2020 13:05:23 system.log:   -----------------------------------------------------------------------------
07/16/2020 13:05:23 system.log:   (2) from: dcfInitThreadContext.cpp:60
07/16/2020 13:05:23 system.log:   message: aborting start up process due to exception
07/16/2020 13:05:23 system.log:   -----------------------------------------------------------------------------
07/16/2020 13:05:23 system.log:   (3) from: dcfInitThread.cpp:241
07/16/2020 13:05:23 system.log:   message: Exception Handled
07/16/2020 13:05:23 Initialization failure, server shutting down
07/16/2020 13:05:23 Shutting down Radius Authentication Server ...
07/16/2020 13:05:23 Uninitializing authentication libraries
07/16/2020 13:05:23 Destroyed instance of SecurID authentication library
07/16/2020 13:05:23 Uninitializing Radius network comm
07/16/2020 13:05:23 ../radauthd.c radAuthMain() 264 Exiting
07/16/2020 13:05:24 ../radacctd.c radAcctMasterThread 513 Exiting
07/16/2020 13:05:24 Shutting down Radius Accounting Server ...
07/16/2020 13:05:24 Uninitializing Radius Accounting comm
07/16/2020 13:05:24 ../radacctd.c radAcctMain() 222 Exiting
07/16/2020 13:05:24 Server shut down after failure
CauseThe reason the RSA RADIUS server will not startup is because the /opt/rsa/am/radius folder has a missing file called sbr_administration.xml.
ResolutionAn administrator will need to restore the missing file called sbr_administration.xml.

Where there is another Authentication Manager instance in the Authentication Manager deployment with a running RSA RADIUS Server then an administrator could use the following steps:
  1. Logon to the command line using the operating system account, e.g., rsaadmin
  2. To copy the sbr_administration.xml file from another Authentication Manager instance use this command:  scp rsaadmin@{AM_instance_FQDN}:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius

** substitute {AM_instance_FQDN} with the fully qualified hostname (or IP address) of the other Authentication Manager instance

Example:

rsaadmin@am84p:~> scp rsaadmin@am84r.csau.ap.rsa.net:/opt/rsa/am/radius/sbr_administration.xml /opt/rsa/am/radius
The authenticity of host 'am84r.csau.ap.rsa.net (192.168.31.38)' can't be established.
ECDSA key fingerprint is SHA256:XVnMbmVf2NwWY1HIp7M88nIETHoXlm6qcwyQJzVJ2Og.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'am84r.csau.ap.rsa.net,192.168.31.38' (ECDSA) to the list of known hosts.
Password:
sbr_administration.xml                                                                                      100%   12KB  11.5KB/s   00:00
rsaadmin@am84p:~>


 

Alternatively, contact RSA Customer Support and provide software version information on your Authentication Manager instance in order to obtain a suitable copy of the sbr_administration.xml file.
NotesContact information for RSA Customer Support is available at URL https://community.rsa.com/docs/DOC-1294

Attachments

    Outcomes