Error message "can't connect to ace server" with the RSA Apache Web Agent 8.0
Originally Published: 2017-09-14
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for Web
RSA Version/Condition: 8.0 for Apache Web Server
Platform: Linux
O/S Version: RHEL
Issue
Error can't connect to ACE/Server
Also when running acetest, the error below is seen:
AceInitialize failed
Cause
Resolution
- Set the environment variable USEUDP_ENV_VAR to be false.
export USEUDP_ENV_VAR=false
- Get the proper hostname of the machine:
hostnamectl status
Note: Static, pretty and transient must be the same. If they need to be changed here is the syntax:# hostnamectl set-hostname "Your Host Name Here" # hostnamectl set-hostname "Your Host Name Here" --pretty # hostnamectl set-hostname "Your Host Name Here" --static # hostnamectl set-hostname "Your Host Name Here" --transient
- Set that name properly in rsa_api.properties along with the following other settings:
# Name of the agent. The same needs to be configured in AM. Default value is the Hostname of the machine RSA_AGENT_NAME = <hostname of the Linux server> ... ... ... # Path of the AM configuration file. # For Windows # SDCONF_LOC = C:\RSA_AuthSDK\sdconf.rec # For Non-Windows SDCONF_LOC = /var/ace/sdconf.rec ... ... ... # Folder location where "config.xml", "bootstrap.xml" and "root.cer" will be created. # For Windows # RSA_CONFIG_DATA_LOC = C:\RSA_AuthSDK # For Non-Windows RSA_CONFIG_DATA_LOC = /var/ace/
Note 1: The RSA_AGENT_NAME must be here exactly as written on the Security Console
Note 2: RSA_CONFIG_DATA_LOC is the location of the files needed for TCP and it will be inside a directory with the name of the agent set above. - Start the Apache server using the command below.
httpd -k start
Notes
- With UDP there is no use for the Config location nor the rsa_api.properties file. UDP agent entries in AM Security Console usually resolve to the hostname.
- The node secret file (securid) is only utilized in the UDP mode.
- UDP is the default method of communication used and more information can be found in the Apache Agent Guide.
- TCP was not utilized until Apache agent 8.0 and above, which uses Agent API ver. 8.5 and above. TCP agent entries in Security Console usually must resolve to the agent name configured in rsa_api.properties. You can create a single agent entry in Security Console for multiple (1000s) of TCP agents providing all agents have the same agent name configured in their rsa_api.properties file.
Related Articles
When attempting to launch the RSA Identity Governance and Lifecycle UI the browser shows a "page can't be displayed" error… Number of Views Can't Attach RSA Authentication Manager 8.1 replica when Primary has migrated data. Number of Views RSA Via Lifecycle and Governance User Interface is inaccessible after rebooting an Appliance with the error "This page can… Number of Views UserAccountControl (UAC) attribute PASSWD_CANT_CHANGE is not updated by the Active Directory AFX Connector in RSA Identity… Number of Views Unable to start ACE/Server Services - database brokers can't start Number of Views
Trending Articles
How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU
Don't see what you're looking for?
