New Experience realms stop working on secondary servers

Version Affected:  23.07 and 24.04

Description:  
New Experience realms stop working on secondary servers in 23.07 and 24.04 due to an issue with the password replication from the Primary to the Secondary server

This has been fixed in the latest version of Filesync, raise a case with Support to get Filesync updated


Cause:  
When Filesync syncs the password from the Primary SecureStore to the secondary, the secondary incorrectly locks itself out from the store and throws a 500 error


Resolution:  

Disable Filesync replication of the SecureStore by following these steps

1. On the Primary Server 
   • Stop the Filesync Service
   • Navigate to D:\MFCApp_Bin\Appliance_Sync\FileSyncService
   • Back up idpservices.list
   • Replace it with the attached idpservices.list  (It's at the very bottom of this article)
   • Navigate to D:\SecureAuth\SecureAuth0 and replace the idpservices.list with the attached version
   • Delete the syncmanifest.xml file from D:\SecureAuth\SecureAuth0
     
     
2. On the Secondary Server
   • Stop the Filesync Service
   • Stop the SecureStorageApiAppPool Application Pool
   • Manually MOVE the SecureStore on the Secondary from
     D:\SecureAuth\SecureStorageApi\SecureAuth Corporation\SecureStore\Replication\Inbound
     To
     D:\SecureAuth\SecureStorageApi\SecureAuth Corporation\SecureStore\Replication\Outbound
     (ensure you remove it from inbound)
   • On the Secondary, start the SecureStorageApiAppPool application pool
     
     
3. On both Primary and Secondary, start the Filesync Service

Special Considerations:

This stops the password sync so if you update the password for your service account, you'll need to manually copy the securestore file from outbound on the primary to inbound on the secondary. 

This has been fixed in the latest version of Filesync, raise a case with Support to get Filesync updated

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.