none
UAG not authenticating with RSA RRS feed

  • Question

  • Hello,

    I am having some problems getting our UAG 2010 to authenticate with RSA.

    Essentially what appears to be happening is that any authentication requests dont appear to hit the RSA server. We have configured RSA to allow the UAG array as an authentication agent. We configured the UAG to use RSA on port 5500. SDConf.rec was created and copied to C:\Windows\System32 on the UAG. We had RSA Authentication agent installed on the UAG (prior to me starting) which we used to authenticate and create the sdstatus.12 (node secret).

    The ACE agent always authenticates with no issues, however when we use sdtest (downloaded from here http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8809CFDA-2EE1-4E67-B993-6F9A20E08607) it fails to authenticate. When we try and authenticate through an external source we have the same issue.

    Upon looking through the logs, it appears that UAG is trying to send the authentication request from/to any port other than 5500. Is this standard behaviour?

    This is an example of what we see in the log.

    [11248] 17:52:02.777 File:acnetsub.c Line:463 # SendToServers():sento (10.106.22.69) at port 55257 UID TESTUSER succeeded

    Any assistance is greatly appreciated!

    Thank you

    Wednesday, July 16, 2014 5:02 PM

All replies

  • Why not configure the RSA appliance and UAG servers to use standard RADIUS authentication? I've found that to be simpler.
    Thursday, July 17, 2014 12:42 AM
  • Thanks,

    Our Radius solution is behind physical firewalls and the rules are not present to allow this traffic through. I can get this updated but it will take time and change control. I was hoping to have RSA configured and fully working as a faster solution as the rules are already present.

    Tuesday, July 22, 2014 2:19 PM
  • I share your pain with change control! Good luck :)
    Wednesday, July 23, 2014 12:23 PM