CA SSO components are distributed across an enterprise. Installing and configuring them may involve passing communication through different subnets and intermediate devices.
This use case involves building a new CA Secure Proxy Server (SPS), also known as Access Gateway (AG).
The SPS returns errors while running ca-sps-config.sh at the host registration step.
I am able to register one set of servers with the PS with no issues. However, the second SPS alone is showing registration failures.
Upon executing the registration command, why am I getting Return code 251?
Registration failed ('bad ipAddress[:port] or unable to connect to Authentication server xxx.xxx.xxx.xxx').
Why is telnet to the PS on the standard ports fine?
There could be something between the Access Gateway and the Policy Server that is not allowing the connectivity.
CA Access gateway (a.k.a. SPS)
You can specify a non-default port number for the Policy Server (PS). However, if your PS is configured to use a non-default port and you omit it when you register a trusted host, the following error is displayed:
Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1).
However, an intermediate device such as a firewall can cause a similar connection issue. In this use case, the firewall allowed telnet but blocked the registration request, which resulted in the exact same error message, because the addresses and ports used by the PS were not open in the firewall policy.
You can use the telnet command to check whether a port is open.
If telnet did connect to the Policy Server ports, the Policy Server would record a handshake error, because no shared secret had been submitted.
If you do not see a handshake error, telnet did not connect to the Policy Server; it may have connected to some other device in between.
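The port check described above, written as a small probe to run from the Access Gateway host. This is an added example, not code from the KB article or from the CA/Broadcom product; it assumes the Policy Server's default ports 44441, 44442 and 44443, so change PS_PORTS if your PS uses non-default ports.

```python
"""Probe the Policy Server ports an Access Gateway needs for host registration.

Added example, not part of the KB article or the product. The default port
numbers below are an assumption; use the ports configured on your Policy Server.
"""
import socket

# Assumed defaults: accounting, authentication, authorization.
PS_PORTS = (44441, 44442, 44443)


def probe_port(host, port, timeout=5.0):
    """Attempt one TCP connection and classify the outcome.

    'connected' only proves that *something* accepted the TCP handshake: the
    Policy Server or an intermediate device. A handshake error recorded by the
    Policy Server itself (no shared secret submitted) is what proves the
    connection actually reached it.
    'refused' means a host answered but nothing listens on that port.
    'timeout' usually means a firewall silently dropped the connection.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # unreachable network, name resolution failure, ...
        return f"error: {exc.strerror or exc}"


def probe_policy_server(host, ports=PS_PORTS, timeout=5.0):
    """Return {port: outcome} for every port registration depends on."""
    return {port: probe_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys

    # Placeholder host name; pass the real Policy Server address as argv[1].
    ps_host = sys.argv[1] if len(sys.argv) > 1 else "policy-server.example"
    for port, outcome in probe_policy_server(ps_host).items():
        print(f"{ps_host}:{port} -> {outcome}")
    print("If every port reports 'connected' but registration still fails with 251,")
    print("confirm the Policy Server logged a handshake error for these attempts;")
    print("if it did not, an intermediate device accepted the connection instead.")
```

A 'timeout' on a port that telnet reaches from another subnet points at the firewall policy between this Access Gateway and the Policy Server.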