Do TCP Agent using API ver. 8.5 & 8.6 need a new sdconf.rec file after a new Primary is promoted?
Originally Published: 2021-03-29
Article Number
Applies To
RSA Product/Service Type: Authentication Agent API for Java
RSA Version/Condition: 8.5.0, 8.6.0
Platform: Linux
Platform (Other): Windows
O/S Version: Red Hat Enterprise Linux 6.x
Issue
Definition: TCP agents using API ver. 8.5 & 8.6 to TCP port 5500 (not ReST agents using TCP port 5555, not UDP legacy agents using UDP port 5500) e.g. partner FoxT Boks Server agent.
Tasks
- Add a new replica to your Authentication Manager realm
- Promote new replica to become the new primary
- Remove original primary, either because you promoted for Disaster Recovery, DR, or you promoted for maintenance but eventually decommissioned the original primary that became a replica
Resolution
When you eventually promote this new replica, and as the last step remove the original primary, our Assumptions are as follows:
- Provide newly downloaded copies of the sdconf.rec file to all;
- a. new Boks TCP agents, and
- b. existing TCP agents that did not know of this new primary because they had not authenticated after this new primary had been added as a replica, and therefore did not learn of it through the configuration service
- Technically you would not need a new sdconf.rec file for existing TCP agents that knew of this new primary because they had authenticated after this new primary had been added as a replica. However, a Best Practice would be to maintain consistency with all downloaded sdconf.rec file
Notes
Agent uses the Configuration Service to determine whether or not there is updated configuration information.
Related Articles
How to run the RSA AMBA utility without the need of input files? Number of Views When is a wildcard certificate needed in RSA SecurID Access? Number of Views Does RSA Identity Governance and Lifecycle MAX_STRING_SIZE need to be modified from STANDARD to EXTENDED to accommodate st… Number of Views Need to wait until updating radius_connector.ini file after AM8.6 upgrades replica side Number of Views Do Web Services need to be enabled if they are not being used in RSA Identity Governance & Lifecycle? Number of Views
Trending Articles
Oracle 12c TEMP_UNDO_ENABLED parameter for managing GTT UNDO activity in RSA Identity Governance & Lifecycle Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA A… RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Troubleshooting RSA MFA Agent for Microsoft Windows
Don't see what you're looking for?
