If you get the message, "The Security Server did not answer. You cannot access this host." when you attempt to authenticate to a Host from a Guest, here are the likely scenarios:
(Most users performing a new implementation find that scenario #3 or #4 is the cause.)
- Verify that your Impero Security Server is running. Check the Security Server module's general tab and verify that the status says running.
- Your Security Server module is not logged in to the Security Server database. In the Security Server go to Tools>Security Server Setup. In the Information section, the Status should state that "Security Server is running." If not, you will need to successfully log on to the database from this window.
- Your Security Server is in a different subnet from the Host. Adding the Security Server's IP address or DNS name to broadcast list in the TCP/IP communication profile on the Host will allow the Host to communicate with the Host.
- Your Host and your Security Server are using a different Security Server Group ID or Public Key. Check the Host's Guest Access Security to make sure this value matches what the Security Server's Security Manager is using.
- Verify that your Host's TCP/IP (UDP) communication profile is using the same communication port as the Security Server's TCP/IP (UDP) communication profile. The default communication port is 6502.
- Verify that there is no hardware or software firewall between the Host and the Security Server that is blocking UDP on port 6502. The Host calls the Security Server using the UDP protocol.
- Your Host and Security Server are different versions that may not be compatible with each other.
- Depending on the configuration of your security policies, the Security Server may be waiting for an answer from the Active Directory or LDAP server. The Host is configured to wait a fixed amount of time for an answer from Impero Security Server. When that time expires, the above error will be triggered. In order to make the Host wait longer for an answer from Impero Security Server, one of the following impero.ini settings can be used on the Host:
[NSS]RPCLoginRightsCheckTimo=180RPCLoginTimo=180 Value is in number of ticks, i.e. 1/18 of a second. Default is 72 (4 seconds). By increasing the value to 180 (10 seconds), the Host has a better chance of receiving an answer from the Impero Security Server in a very complex Active Directory environment. RPCLoginRightsCheckTimo is used for: timeout value for querying the chosen authentication method.RPCLoginTimo is used for: timeout value used for general communication with Security ServerRPCLoginRightsCheckTimo is available only in Impero Connect 10.0 (2011087) and above.