Logging on to Security console gives "Bad Request 400" after the planned promotion when trying to use friendly alias server name in the URL
Originally Published: 2021-06-03
Article Number
000043163
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0
 
Issue
The administrator performed the planned promotion of the RSA Authentication Manager appliance. After that, he could log on to the Security Console using the fully qualified domain hostname in the URL. However, logging on to the Security Console gives "Bad Request 400" when the friendly alias server name is used in the URL. In DNS, it appears there is an alias set to the primary server hostname, and somehow after the promotion the Security Console page does not load fully: the login prompt does not appear and the error Bad Request 400 is shown.

Edit /opt/rsa/am/utils/resources/ims.properties.
The last line has an incorrect server name. Because of this line, the alias points to the old server name.

ims.ssl.client.primary.provider.url=t3s\://<RSA_AM_Primary>.svr.us.mycompany.net\:7022
Cause
The server properties file is refreshed whenever the IMS_INSTANCE_NODE table needs to be updated; in this case, the table is updated to reflect the change of primary server. The issue occurs if the friendly alias name is pointed to a different system in DNS. Because the Java cache is not refreshed, the same alias then points to 2 different systems (the old primary and the promoted primary). A reboot is therefore required on all systems whenever you point the alias to a different server/node.
 
Resolution
Reboot all the systems whenever you point the alias to a different server name in DNS. A reboot flushes the Java/WebLogic/OS cache.
Workaround
As a workaround, edit the file /opt/rsa/am/utils/resources/ims.properties, correct the primary server name, and restart RSA services.
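
The check behind the workaround, as an added example (not RSA-supplied code): it reads the ims.ssl.client.primary.provider.url entry, undoes the properties-file escaping of the colons, and compares the host with the primary you expect. The function names and the example.net hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RSA code. File path and key name are from the article;
# the hostnames are constructed placeholders.
KEY='ims.ssl.client.primary.provider.url'

# Print the host named by the last KEY entry in a properties file.
# Java .properties files escape ':' as '\:', so unescape before parsing.
primary_host_in_props() {
    awk -F= -v k="$KEY" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1" |
        sed -e 's/\\:/:/g' -e 's#^[A-Za-z0-9]*://##' -e 's/:[0-9]*$//'
}

# check_primary <props-file> <expected-primary-fqdn>
# Returns 0 on match, 1 on mismatch, 2 if the key is missing.
check_primary() {
    found=$(primary_host_in_props "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$found" ]; then
        echo "no $KEY entry in $1"; return 2
    fi
    if [ "$found" = "$want" ]; then
        echo "OK: primary provider URL names $found"; return 0
    fi
    echo "MISMATCH: file names $found, expected $want"; return 1
}

# Constructed sample: the file still names the old primary after promotion.
sample=$(mktemp)
printf '%s\n' 'ims.ssl.client.primary.provider.url=t3s\://old-primary.example.net\:7022' > "$sample"
check_primary "$sample" new-primary.example.net || echo "correct the entry, then restart RSA services"
rm -f "$sample"
```

On the appliance, call check_primary with /opt/rsa/am/utils/resources/ims.properties and the promoted primary's fully qualified hostname.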