SPS Host - Registration failed ('bad ipAddress[:port] or unable to connect to Authentication Server


Article ID: 74957


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


CA SSO components are distributed across an enterprise. Installing and configuring them may involve passing communication through different subnets and intermediate devices.

This use case involves building a new CA Secure Proxy Server (SPS) or a.k.a. Access Gateway (AG) for R12.7 SP1 on RHEL7.4. Second SPS is returning errors while running ca-sps-config.sh on the host registration step. 

Am able to register one set of servers with PS with no issues  However, the second SPS alone is showing registration failures.

Upon executing the registration command, why am I getting Return code 251 ?
Registration failed ('bad ipAddress[:port] or unable to connect to Authentication server'). 
+ rc=251 

Why is Telnet to PS on standard ports is fine?


CA Access gateway (a.k.a. SPS) R12.7 SP1 on RHEL 7.4 


You can specify a non-default port numbers for the Policy server (PS).  However, if your PS is configured to use a non-default port and you omit it when you register a trusted host, the following error is displayed: 

Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1).

But, intermediate device such as a Firewall can also cause a similar connection issue. As in this use case, while the firewall was allowing telnet, it was blocking the registration request resulted in the same exact error message since the respective addresses / ports utilized by the PS were not open in the firewall policy.

Additional Information

For further detail on SPS, please refer to the docops product documentation for the version of CA SSO and/or SPS you’re using.