Access Gateway Event log error : DOWN; Last response: Failure - ICMP port unreachable
Our Access Gateway Enterprise Edition stopped working all of a sudden. Users got the following message at the AG Logon screen.
User name or password Invalid
Our RSA servers had been failed over shortly before.
Checking the AG Events Log (System\diagnostics\View Events)
The following was contained in the log
179421 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:01 2009
179422 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Wed Sep 16 19:00:01 2009
179423 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Wed Sep 16 19:00:01 2009
179426 32001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:33 2009
179427 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Wed Sep 16 19:00:33 2009
179428 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Wed Sep 16 19:00:33 2009
179421 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:01 2009
179422 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Wed Sep 16 19:00:01 2009
179423 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Wed Sep 16 19:00:01 2009
179426 32001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:33 2009
179427 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Wed Sep 16 19:00:33 2009
179428 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Wed Sep 16 19:00:33 2009
181432 0 Monitor_STAMON-0_of_internal(10.70.133.1:80): UP; Last response: Probe to STA server succeeded. Thu Sep 17 12:54:04 2009
181934 0 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:37:33 2009
181935 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' DOWN Thu Sep 17 15:37:33 2009
181938 32000 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:38:05 2009
181939 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' UP Thu Sep 17 15:38:05 2009
181942 58002 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:39:03 2009
181943 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' DOWN Thu Sep 17 15:39:03 2009
181956 0 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:40:35 2009
181957 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' UP Thu Sep 17 15:40:35 2009
182083 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 16:20:13 2009
182084 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Thu Sep 17 16:20:13 2009
182085 1 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Thu Sep 17 16:20:13 2009
182088 62001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 16:21:15 2009
182089 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Thu Sep 17 16:21:15 2009
182090 1 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Thu Sep 17 16:21:15 2009
This log appears to show the Radius servers failing over and then coming back up.
However users were still unable to logon.
We failed over the AG device (System\High Availability)
and then logons started to work. We failed the server back to the original and it still continued to work. (Note : 2nd failover back to original server was slow server disappeared for 10 mins)
Our Radius Service was set to Load Balance which we know is not the best setting in the event of a Radius server going down as this will still send requests to it, but in our scenario here the CAG did not seem to send any requests to the Radius servers after those Servers had been restarted.
User name or password Invalid
Our RSA servers had been failed over shortly before.
Checking the AG Events Log (System\diagnostics\View Events)
The following was contained in the log
179421 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:01 2009
179422 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Wed Sep 16 19:00:01 2009
179423 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Wed Sep 16 19:00:01 2009
179426 32001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:33 2009
179427 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Wed Sep 16 19:00:33 2009
179428 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Wed Sep 16 19:00:33 2009
179421 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:01 2009
179422 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Wed Sep 16 19:00:01 2009
179423 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Wed Sep 16 19:00:01 2009
179426 32001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Wed Sep 16 19:00:33 2009
179427 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Wed Sep 16 19:00:33 2009
179428 0 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Wed Sep 16 19:00:33 2009
181432 0 Monitor_STAMON-0_of_internal(10.70.133.1:80): UP; Last response: Probe to STA server succeeded. Thu Sep 17 12:54:04 2009
181934 0 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:37:33 2009
181935 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' DOWN Thu Sep 17 15:37:33 2009
181938 32000 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:38:05 2009
181939 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' UP Thu Sep 17 15:38:05 2009
181942 58002 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:39:03 2009
181943 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' DOWN Thu Sep 17 15:39:03 2009
181956 0 Monitor_udp-ecv_of_Radius3(10.8.195.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 15:40:35 2009
181957 0 'server_NSSVC_UDP_10.8.195.201:1812(Radius3)' UP Thu Sep 17 15:40:35 2009
182083 0 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): DOWN; Last response: Failure - ICMP port unreachable. Thu Sep 17 16:20:13 2009
182084 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' DOWN Thu Sep 17 16:20:13 2009
182085 1 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' DOWN Thu Sep 17 16:20:13 2009
182088 62001 Monitor_udp-ecv_of_Radius2(10.1.163.201:1812): UP; Last response: Failure - ICMP port unreachable. Thu Sep 17 16:21:15 2009
182089 0 'server_NSSVC_UDP_10.1.163.201:1812(Radius2)' UP Thu Sep 17 16:21:15 2009
182090 1 'server_NSSVC_UDP_192.168.123.126:1812(Radius_Loadbalanced)' UP Thu Sep 17 16:21:15 2009
This log appears to show the Radius servers failing over and then coming back up.
However users were still unable to logon.
We failed over the AG device (System\High Availability)
and then logons started to work. We failed the server back to the original and it still continued to work. (Note : 2nd failover back to original server was slow server disappeared for 10 mins)
Our Radius Service was set to Load Balance which we know is not the best setting in the event of a Radius server going down as this will still send requests to it, but in our scenario here the CAG did not seem to send any requests to the Radius servers after those Servers had been restarted.
Labels: Access Gateway
posted by Tomo at
Friday, September 18, 2009
0 Comments:
Post a Comment
<< Home