RSA SecurID Appliances

Sunday, April 11th, 2010

Okay, so I had with me over the weekend a SecurID Appliance from RSA. Not one of the software versions, but the RSA-based hardware appliance running a bad version of grub to boot up.

This particular device had a range of issues, notwithstanding failure on access to the web interface. It’s been a bit of a journey, but figured I may as well note some items down here for future reference.

* Local Administrator account for such devices is always rsalocaladmin
* Interface is accessible on TCP port 8098, SSL access
* RDP access can sometimes break on the interface. You can RDP directly to the box using TCP port 8198 (thanks, RSA)
* Host file is important – ensure it’s correct either manually through SYSTEM32 or through the web interface
* Backup of the database is kept in C:\authmgr\backup – it runs a backup once a week, and is triggered by an AT script rotatebackup.bat in C:\authmgr\scripts
* The authentication manager and authentication service need to be synchronised – sdconf.rec is stored in C:\authmgr\data and needs to be copied to C:\windows\system32

I had two main issues in the logs, which prevented login to any RSA required system:

* Agent Host Not Found – This was due to an Agent Host entry not being there for the RSA Appliance itself. I re-added the entry as a UNIX agent and configured OK.

* Node Verification Failed – This was due to the fact that the sdconf.rec files were not identical.

The web interface that operates on 8098 can’t be accessed via rsalocaladmin, unfortunately. Following the changes above, I created a password-only temporary user to test and was successful.

I also had another issue which related to the ACE Client indicating that the authentication managers were not available. These were due to agent secrets being present when they shouldn’t have been. These were cleared up, and the appliance restarted.
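
One way to check for the sdconf.rec mismatch behind the Node Verification Failed error before it shows up in the logs. This is an added example, not part of the original post or any RSA tooling. The default paths are the two locations named above, the function name Compare-SdconfRec is hypothetical, and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example. Default paths are the two locations named in the post;
# the function name Compare-SdconfRec is hypothetical.
# Requires PowerShell 4.0+ for Get-FileHash.
function Compare-SdconfRec {
    param(
        [string]$ManagerCopy = 'C:\authmgr\data\sdconf.rec',
        [string]$SystemCopy  = 'C:\windows\system32\sdconf.rec'
    )

    # Collect existence, size, timestamp and SHA-256 for each copy.
    $copies = foreach ($path in @($ManagerCopy, $SystemCopy)) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Path          = $item.FullName
                Present       = $true
                Length        = $item.Length
                LastWriteTime = $item.LastWriteTime
                SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        } else {
            # A missing copy is reported rather than thrown, so both paths are always listed.
            [pscustomobject]@{
                Path = $path; Present = $false; Length = $null
                LastWriteTime = $null; SHA256 = $null
            }
        }
    }

    # Missing takes priority over Mismatch: there is nothing to compare yet.
    $missing = @($copies | Where-Object { -not $_.Present })
    $status = if ($missing.Count -gt 0) {
        'Missing'
    } elseif ($copies[0].SHA256 -eq $copies[1].SHA256) {
        'Identical'
    } else {
        'Mismatch'
    }

    [pscustomobject]@{ Status = $status; Copies = $copies }
}

$result = Compare-SdconfRec
$result.Copies | Format-List Path, Present, Length, LastWriteTime, SHA256
"sdconf.rec status: $($result.Status)"
```

When the status is Mismatch, the LastWriteTime column shows which copy is stale and needs replacing from C:\authmgr\data.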