RSA agent on servers getting access denied and network timeout problems when the server is using NLB. Authentication Failures during test.While installing some RSA agents on NLB systems I ran into a problem where only one of the nodes would succesfully test the authentication. I started thinking, ok, maybe it is the nlb, so I set the client to use the dedicated ip. Nope, still didn't. So googling around I found half of my answer, use the NLB ip address. So Inside of the RSA server Security Console, I set up a new host, using the NLB hostname and IP address. And thats where the tip left off. They forgot a few steps. Add the dedicated ip's for the servers into the alternate ip address list. Also, you have to manually create the node secret and import it using the agent_nsload.exe command. So, quick break down

  1. Create host on RSA Security Console using NLB hostname/ip
  2. Add dedicated ip's of hosts as alternate addresses
  3. Create secret using Security Console and save the zip file. You will need to unzip the secret from that file.
  4. Use the agent_nsload program to import the secret. It's in the client installation stuff.
  5. Open the agent on the server, in the advanced section, set the ip to be the dedicated ip.
  6. Test and you should be good