AM8 web tier shows as offline or pending connection
Originally Published: 2013-10-11
Article Number
Applies To
Issue
customer is sure the web tier server is online
AM8 web tier shows as "Pending Connection"
Cause
Resolution
openssl s_client -connect (the name or IP of the AM8 server):7022
You should get a response that looks similar to :
am8pri:/home/rsaadmin # openssl s_client -connect am8p.vcloud.local:7022
CONNECTED(00000003)
depth=1 /CN=RSA root CA for am8pri.vcloud.local/serialNumber=2ebf8701ad9568c2f7815ca3f23f6a13547954d735f80d980b66f9a7d3b6292e
verify error:num=19:self signed certificate in certificate chain
verify return:0
23421:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1094:SSL alert number 42
23421:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Once this is done, test connectivity from the Web Tier to the server. If the Web Tier is on Red Hat Linux, use the built-in openssl utility in the same way it was done on the AM8 appliance.
If the Web Tier server is installed on Win2008, get the open-source openssl utility. A less useful alternative is to install and use the telnet client, but this will only allow you to see if a connection can be made to 'something' on 7022, and not show any ssl information, which can be misleading.
An example of the Web Tier port 7022 being blocked by a firewall or networking issue:
openssl s_client -connect primary.company.com:7022
Loading 'screen' into random state - done
connect: No such file or directory
connect:errno=0
An example of the Primary not listening on the Web Tier port, or a misconfigured firewall accepting the conenction but not processing it correctly:
openssl s_client -connect primary.company.com:7022
connect: Connection refused
connect:errno=111
Other examples of different numbers for connect:errno=x are available on the internet
Notes
Related Articles
AM8 web tier shows as offline but Web tier services are running Number of Views How to verify RSA Authentication Manager (AM) 8.1 is sending syslog data to a remote syslog server. Number of Views Cannot apply RSA Authentication Manager 8.1 SP1 patch due to special characters in OS user rsaadmin password Number of Views How to import CA signed console cert from AM 8.x primary into a new primary with same FQDN Number of Views Why am I getting a "Failed to Log In" message when attempting to reset my MFA authenticator for my RSA account? Number of Views
Trending Articles
Artifacts to gather in RSA Identity Governance & Lifecycle How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA A… Oracle 12c TEMP_UNDO_ENABLED parameter for managing GTT UNDO activity in RSA Identity Governance & Lifecycle RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server
Don't see what you're looking for?
