Radius Servers Replication Status "Cannot determine Status"
2 years ago
Article Number
000068088
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.5.x and earlier 
Issue
On the Security Console and on the Operations Console, when you check the RADIUS server, the replication status is shown as "Cannot Determine Status". You may also see "RADIUS server not found".

In the RADIUS logs located in the /opt/rsa/am/radius directory, you might see this error:
12/12/2022 03:06:53 CRadConfigServerProviderPost::ExecutePost unknown managed server spec: A70KPCRPARSA002.a70adom.bcbssc.com
12/12/2022 03:06:53 CRadConfigServerProviderPost::ExecutePost unknown managed server spec: A70KPCRPARSA002.a70adom.bcbssc.com
12/12/2022 03:06:53 CRadConfigServerProviderPost::ExecutePost unknown managed server spec: A70KPCRPARSA002.a70adom.bcbssc.com
 
Cause
There are multiple possible reasons, discussed in other articles such as:
    #000050088, #000040446, #000067989
The one discussed here is that a network scanner, anti-virus product, load balancer, etc. might be actively trying to communicate with the RADIUS server on port 1812, port 1813, or both. This traffic should be restricted, as per the product documentation.

 
Resolution
1. Check the packet capture on both ports by following these steps:
a. Log in as rsaadmin on both the primary and replicas.
b. Use these commands:

               sudo tcpdump -i eth0 -v -w /tmp/<filename1>.pcap  -n host <ip address> and port 1812
c. Check the packet capture from the CLI directly, or download the files using WinSCP or a similar tool and check the capture using Wireshark.
In the capture taken for this example, there are 2 IPs [10.186.17.8 & 10.186.17.9]; these are load balancers actively trying to open a TCP session and then terminating it.

2. Terminate those connections and you will find the status changed to synchronized.
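
One way to do the check in step 1c from the CLI, as an added example that is not part of the original article: the function reads the text output of tcpdump and lists every host, other than the expected instances, that opens or tears down TCP sessions on ports 1812 and 1813. The function name, the allow-list argument and the 192.0.2.x addresses are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list hosts that send TCP traffic to the RADIUS ports.
# stdin : text output of `tcpdump -nn -r /tmp/<filename1>.pcap`
# $1    : space-separated IPs expected on these ports (assumption: the
#         primary and replica instances); their traffic is ignored.
radius_tcp_sources() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "IP" && $4 == ">" && $6 == "Flags" {
      dst = $5; sub(/:$/, "", dst)
      m = split(dst, d, "."); dport = d[m]          # last dotted field is the port
      if (dport != "1812" && dport != "1813") next
      split($3, s, "."); src = s[1] "." s[2] "." s[3] "." s[4]
      if (src in ok) next
      key = src "," dport; seen[key] = 1
      if ($7 ~ /^\[S\]/) syn[key]++                 # SYN only: a new session attempt
      else if ($7 ~ /[FR]/) fin[key]++              # FIN or RST: session torn down
    }
    END {
      for (key in seen) {
        split(key, p, ",")
        printf "%s port=%s syn=%d teardown=%d\n", p[1], p[2], syn[key], fin[key]
      }
    }' | sort
}

# Constructed sample lines in tcpdump -nn text format (not real traffic).
# 192.0.2.10 and 192.0.2.11 are placeholder addresses for the primary and replica.
sample_capture() {
  cat <<'EOF'
03:06:53.000001 IP 10.186.17.8.40112 > 192.0.2.10.1812: Flags [S], seq 1, win 29200, length 0
03:06:53.000050 IP 192.0.2.10.1812 > 10.186.17.8.40112: Flags [S.], seq 9, ack 2, win 28960, length 0
03:06:53.000090 IP 10.186.17.8.40112 > 192.0.2.10.1812: Flags [.], ack 10, win 229, length 0
03:06:53.000120 IP 10.186.17.8.40112 > 192.0.2.10.1812: Flags [R.], seq 2, ack 10, win 229, length 0
03:06:58.000001 IP 10.186.17.9.40200 > 192.0.2.10.1813: Flags [S], seq 1, win 29200, length 0
03:06:58.000120 IP 10.186.17.9.40200 > 192.0.2.10.1813: Flags [F.], seq 2, ack 10, win 229, length 0
03:07:00.000001 IP 192.0.2.11.50000 > 192.0.2.10.1812: Flags [S], seq 1, win 29200, length 0
EOF
}

sample_capture | radius_tcp_sources "192.0.2.10 192.0.2.11"
```

Any host listed with a SYN followed quickly by a teardown and no data exchange matches the load balancer behaviour described in step 1c.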