The RSA Authentication Manager 8.x RSA RADIUS Server Operations Console Service Stops with a FAILED State.
Originally Published: 2017-11-03
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1
Platform: Linux
O/S Version: SUSE Enterprise 11 SP3
Issue
The /opt/rsa/am/server/logs/radiusoc.log on the replica instance reports the following:
####<Nov 1, 2017 9:09:00 PM MDT> <Info> <Management> <app82r> <> <Thread-11> <> <> <> <1509592140062> <BEA-141298> <Could not register with the Administration Server: java.rmi.RemoteException: [Deployer:149150]An IOException occurred while reading the input.; nested exception is:
javax.net.ssl.SSLKeyException: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=app82r.rsa.net.>
####<Nov 1, 2017 9:09:01 PM MDT> <Warning> <Security> <app82r> <> <Thread-10> <> <> <> <1509592141809> <BEA-090504> <Certificate chain received from app82r.rsa.net - 192.168.107.48 failed hostname verification check. Certificate contained app82p.rsa.net but check expected app82r.rsa.net>
Cause
Workaround
Steps
- Logon to the authentication manager instance with the rsaadmin account.
- Change the account privileges with the command : sudo su -
- Navigate to the /opt/rsa/am/server/wrapper using the command : cd /opt/rsa/am/server/wrapper
- Take copies of four configuration files AdminServerWrapper.conf, BiztierServerWrapper.conf, ConsoleServerWrapper.conf & RadiusOCServerWrapper.conf as we are about to make changes to these files e.g. cp AdminServerWrapper.conf AdminServerWrapper.conf.ORIG
- Check the existing value for the "-Dweblogic.security.SSL.ignoreHostnameVerification" parameter in the four configuration files AdminServerWrapper.conf, BiztierServerWrapper.conf, ConsoleServerWrapper.conf & RadiusOCServerWrapper.confwith the command : cat *.conf | grep ignore
Example:
rsaadmin@app82p:/opt/rsa/am/server/wrapper> cat *.conf | grep ignore wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=false wrapper.java.additional.47=-Dwrapper.ignore.component.failure=true wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=false wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=false wrapper.java.additional.7=-Dweblogic.security.SSL.ignoreHostnameVerification=false rsaadmin@app82p:/opt/rsa/am/server/wrapper>
- Change the "-Dweblogic.security.SSL.ignoreHostnameVerification" parameter from false to true in the four configuration files using a command like : sed -i 's/ignoreHostnameVerification=false/ignoreHostnameVerification=true/g' AdminServerWrapper.conf
NOTE: do not forget to make the change to all four files : AdminServerWrapper.conf, BiztierServerWrapper.conf, ConsoleServerWrapper.conf & RadiusOCServerWrapper.conf
- Check the "-Dweblogic.security.SSL.ignoreHostnameVerification" parameter has been changed successfully using the command : cat *.conf | grep ignore
Example:
rsaadmin@app82p:/opt/rsa/am/server/wrapper> cat *.conf | grep ignore wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=true wrapper.java.additional.47=-Dwrapper.ignore.component.failure=true wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=true wrapper.java.additional.8=-Dweblogic.security.SSL.ignoreHostnameVerification=true wrapper.java.additional.7=-Dweblogic.security.SSL.ignoreHostnameVerification=true rsaadmin@app82p:/opt/rsa/am/server/wrapper>
- Restart the RSA Authentication Manager Services using the command : /opt/rsa/am/server/rsaserv restart all
- If not already done so, replace the console certificate (generate a Certificate Signing Request, submit the CSR to a CA, and request an SSL server certificate, import the SSL server certificate and active the new SSL console certificate) where the Common Name (CN) matches the fully-qualified hostname of the authentication manager instance.
- Stop the RSA Authentication Manager server using the command : /opt/rsa/am/server/rsaserv stop all
- Revert the changes in the four configuration files where the "-Dweblogic.security.SSL.ignoreHostnameVerification" parameter is false e.g. sed -i 's/ignoreHostnameVerification=true/ignoreHostnameVerification=false/g' AdminServerWrapper.conf
- Start the RSA Authentication Manager Services using the command : /opt/rsa/am/server/rsaserv start all
Related Articles
Failed to cleanup RADIUS data when restoring backup from Operations Console of RSA Authentication Manager 8.4.x Number of Views Release Notes Archive - Cloud Authentication Service and Authenticators (January 2019 - August 2017) Number of Views 'Error bash: service: command not found' error when attempting to stop or start RSA Identity Governance & Lifecycle Number of Views 'No such service afx_server' error when performing afx status/stop/start commands in RSA Identity Governance & Lifecycle Number of Views User Event Monitor Messages for Cloud Access Service (400 - 1409) Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
