Skip to main content

View sample logs for failover scenarios

Administrators can configure a backup sever for SecureAuth RADIUS to failover to in case of service failure. Some cases in which a failover would occur include:

  • Communications are faulty with the target SecureAuth® Identity Platform.

  • SecureAuth RADIUS Server receives no response.

  • SecureAuth RADIUS Server receives errors from the Identity Platform.

Failover to a SecureAuth Identity Platform RADIUS backup server is configured under Add IdP realms.

See below for sample logs from common failover scenarios.

Scenario: Failover to functioning second server

In this scenario, the primary SecureAuth RADIUS Server successfully fails over to a secondary, functioning server.

[25/Oct/2018:13:18:16 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:13:18:16 -0700]  INFO    IdPAPIAccess: Falling back to server: sa01.company.com
[25/Oct/2018:13:18:17 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=230 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=231 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=232 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=233 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=234 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=235 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:13:18:19 -0700]  DEBUG   RadiusLibFacade: sending response: id=236 type=Access-Challenge
[25/Oct/2018:13:18:39 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:13:18:39 -0700]  DEBUG   RadiusLibFacade: sending response: id=237 type=Access-Challenge
[25/Oct/2018:13:18:40 -0700]  DEBUG   RadiusLibFacade: sending response: id=238 type=Access-Accept
[25/Oct/2018:13:18:40 -0700]  INFO    AuditLog: Granted access to user: user-adm; NAS-IP: 123.45.67.89

Scenario: Failover to other non-functioning servers

In this scenario, the primary SecureAuth RADIUS Server attempts to fail over. The fail over does not complete because of an error with the backup servers.

[25/Oct/2018:14:22:27 -0700]  INFO    AuditLog: Abandoned previous session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:22:27 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:14:22:28 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=6 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=7 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=8 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=9 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=10 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=11 type=Access-Challenge
[25/Oct/2018:14:22:29 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:22:29 -0700]  INFO    IdPAPIAccess: Password authentication failed: invalid; message: AppId is unknown.
[25/Oct/2018:14:22:29 -0700]  INFO    PasswordState: User/Password verification failed for user: user-adm.
[25/Oct/2018:14:22:29 -0700]  DEBUG   RadiusLibFacade: sending response: id=12 type=Access-Reject
[25/Oct/2018:14:22:29 -0700]  INFO    AuditLog: Denied access request by user: user-adm; NAS-IP: 123.45.67.89

Scenario: Failover to secondary server fails; failover to third server

In this scenario, the primary SecureAuth RADIUS Server attempts to fail over to a secondary server. The fail over does not complete, so the SecureAuth RADIUS Server fails over to a third server and is successful.

[25/Oct/2018:14:30:55 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:14:30:55 -0700]  INFO    IdPAPIAccess: Falling back to server: sa01.secureauth.com
[25/Oct/2018:14:30:56 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=13 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=14 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=15 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=16 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=17 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=18 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=19 type=Access-Challenge
[25/Oct/2018:14:31:18 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:31:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=20 type=Access-Challenge
[25/Oct/2018:14:31:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=21 type=Access-Accept
[25/Oct/2018:14:31:18 -0700]  INFO    AuditLog: Granted access to user: user-adm; NAS-IP: 123.45.67.89

============================
Primary IdP Host:
secureauth.company.com
Backup IdP Host:
secureauth2.company.com,sa01.secureauth.com