Thursday, 2 January 2020

RSA WebAgent: AceInitialize failed

RSA WebAgent Troubles

I had the following problem with my RSA WebAgent:
For secure remote access, I have a linux system, running the RSA WebAgent. After an Upgrade of the RSA ACE server, the web portal only responded with an error

106: The Web server is busy. Please try again later.

There was nothing busy about the web server, of course.
As I have a strong networking background, one of my standard trouble shooting methods is to have a look at the network traffic to see what's going on:

tcpdump -vvv -i eno16777984 port not 22 and not 443
(Your interface will have a different name, of course)

Apart from the usual DNS chatter which I didn't filter explicitly, there was no traffic from or to the machine. Especially not, when running
./acetest
Which returned a
AceInitialize failed

So the machine was not even trying to play ball :-(

There is not much of a debug function in RSA's command line tools, and a
strace ./acetest
showed that all dependencies were ok.

The solution

Then I set the environment variable to use TCP
export USEUDP_ENV_VAR=false
and got a much better chance of getting a response. (Not 100%, though)
With both the acestatus and the acetest utils running successfully, I still did not fully understand the problem, but could fix it.

1) reconfigure Apache
So I needed to modify the apache config to use TCP, rather than UDP:
In /etc/httpd/conf/httpd.conf (or wherever your apache config lies) add:
SetEnv USEUDP_ENV_VAR false

2) enable rpcbind
The other thing is, that it now seems to rely on a running rpcbind service, so rpcbind needs to be anabled and started.
To check if that is the case, run:
systemctl list-units --type=service --state=active
and see if you get a
rpcbind.service            loaded active running RPC bind service
in the reply.


No comments:

Post a Comment