Error message "can't connect to ace server" with the RSA Apache Web Agent 8.0
Originally Published: 2017-09-14
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for Web
RSA Version/Condition: 8.0 for Apache Web Server
Platform: Linux
O/S Version: RHEL
Issue
Error can't connect to ACE/Server
Also when running acetest, the error below is seen:
AceInitialize failed
Cause
Resolution
- Set the environment variable USEUDP_ENV_VAR to be false.
export USEUDP_ENV_VAR=false
- Get the proper hostname of the machine:
hostnamectl status
Note: Static, pretty and transient must be the same. If they need to be changed here is the syntax:# hostnamectl set-hostname "Your Host Name Here" # hostnamectl set-hostname "Your Host Name Here" --pretty # hostnamectl set-hostname "Your Host Name Here" --static # hostnamectl set-hostname "Your Host Name Here" --transient
- Set that name properly in rsa_api.properties along with the following other settings:
# Name of the agent. The same needs to be configured in AM. Default value is the Hostname of the machine RSA_AGENT_NAME = <hostname of the Linux server> ... ... ... # Path of the AM configuration file. # For Windows # SDCONF_LOC = C:\RSA_AuthSDK\sdconf.rec # For Non-Windows SDCONF_LOC = /var/ace/sdconf.rec ... ... ... # Folder location where "config.xml", "bootstrap.xml" and "root.cer" will be created. # For Windows # RSA_CONFIG_DATA_LOC = C:\RSA_AuthSDK # For Non-Windows RSA_CONFIG_DATA_LOC = /var/ace/
Note 1: The RSA_AGENT_NAME must be here exactly as written on the Security Console
Note 2: RSA_CONFIG_DATA_LOC is the location of the files needed for TCP and it will be inside a directory with the name of the agent set above. - Start the Apache server using the command below.
httpd -k start
Notes
- With UDP there is no use for the Config location nor the rsa_api.properties file. UDP agent entries in AM Security Console usually resolve to the hostname.
- The node secret file (securid) is only utilized in the UDP mode.
- UDP is the default method of communication used and more information can be found in the Apache Agent Guide.
- TCP was not utilized until Apache agent 8.0 and above, which uses Agent API ver. 8.5 and above. TCP agent entries in Security Console usually must resolve to the agent name configured in rsa_api.properties. You can create a single agent entry in Security Console for multiple (1000s) of TCP agents providing all agents have the same agent name configured in their rsa_api.properties file.
Related Articles
When attempting to launch the RSA Identity Governance and Lifecycle UI the browser shows a "page can't be displayed" error… Number of Views UserAccountControl (UAC) attribute PASSWD_CANT_CHANGE is not updated by the Active Directory AFX Connector in RSA Identity… Number of Views Update to Authentication Manager 8.6 (base, P1 or P2) with replacement console certificates causes RADIUS "Can't connect t… Number of Views Can't edit workflows on production without using AveksaAdmin Number of Views Unable to start ACE/Server Services - database brokers can't start Number of Views
Trending Articles
RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor… RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Troubleshooting RSA SecurID Access Application Portal unsuccessful logon message due to a bad identity source bind
Don't see what you're looking for?
