«  
  »

Changing the IP address of a RSA Authentication Manager server

RSA SecurID 800 token

I have recently worked on a Data Center migration that involved changing the whole IP address range for the site, this process went quite smoothly really.  One thing that caught me out was when the primary IP address of the RSA Authentication Manager server was changed all of the other servers could not longer authenticate even though the DNS records still existed and resolved to the new server IP address.

The work around it quite simple but does contain a number of steps, it does work though!

Stop Services

  1. Select Start | All Programs | RSA Authentication Manager Control Panel
  2. Select Start & Stop RSA Auth Mgr Services
  3. Click Stop All
  4. Click OK
  5. Click Edit
  6. Uncheck Automatically start services on system startup
  7. Click OK

Update Replica

  1. Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
  2. Highlight the Primary Server
  3. Click Details
  4. Change the Name and/or the IP addresses of the Primary ACE/Server configuration
  5. Click OK to the notice that you have changed the Name and now must change the system name

Update Server

  1. Change the name or IP address on the Primary Server Operating system, and reboot the machine
  2. Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
  3. Click OK to the “The name and/or IP address of this Primary RSA ACE/Server has changed successfully” dialogue

Start Services

  1. Select Start | All Programs | RSA Authentication Manager Control Panel
  2. Select Start & Stop RSA Auth Mgr Services
  3. Click Start All
  4. Click OK
  5. Click Edit
  6. Check Automatically start services on system startup
  7. Click OK

Other Updates

  1. New sdconf.rec files must be generated for all agent hosts and delivered to the agent hosts, replacing the existing file
  2. Select Start | All Programs | RSA Authentication Manager
  3. Select Agent Host | Generate Configuration Files | All Agent Hosts
  4. Click OK
  5. Click Yes
  6. Click OK
  7. Copy the newly created sdconf.rec to the SYSTEM32 folder on all agent hosts

If you have found this article and code of use to you or your organisation why not send me a small donation?







Write your comment within 199 characters.

September 7th, 2008 | Category: RSA, Server, TCP/IP, Two-Factor, Windows 2003, Windows XP

3 comments to Changing the IP address of a RSA Authentication Manager server

  • Albert
    2 October, 2008 at 9:03 pm

    Hi Matt,

    Thanks for this, I just used it to change my RSA Server addresses! Although during the process I noticed it was described in the documentation also.
    But in the first place, googling to your result was quicker.

    Regards, Albert

  • T
    3 February, 2009 at 7:31 pm

    Matt,
    Good stuff. I have a similar problem, but it is the external IP we added. No outside clients can authenticate as the sdconf.rec only has the internal address. Any idea how to fix that?

  • Matt
    3 February, 2009 at 10:42 pm

    Sorry, I am not aware of how to resolve that particular issue, maybe someone else reading this might be able to help you.
    Best of luck,
    Matt.

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>