SPS Host - Registration failed ('bad ipAddress[:port] or unable to connect to Authentication Server

Document ID : KB000074957
Last Modified Date : 28/03/2018
Show Technical Document Details
Introduction:
CA SSO components are distributed across an enterprise. Installing and configuring them may involve passing communication through different subnets and intermediate devices.

This use case involves building a new CA Secure Proxy Server (SPS) or a.k.a. Access Gateway (AG) for R12.7 SP1 on RHEL7.4. Second SPS is returning errors while running ca-sps-config.sh on the host registration step. 

Am able to register one set of servers with PS with no issues  However, the second SPS alone is showing registration failures.
 
Question:
Upon executing the registration command, why am I getting Return code 251 ?
Registration failed ('bad ipAddress[:port] or unable to connect to Authentication server 30.135.163.145'). 
rc=$? 
+ rc=251 

Why is Telnet to PS on standard ports is fine?
Environment:
CA Access gateway (a.k.a. SPS) R12.7 SP1 on RHEL 7.4 
 
Answer:
You can specify a non-default port numbers for the Policy server (PS).  However, if your PS is configured to use a non-default port and you omit it when you register a trusted host, the following error is displayed: 

Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1).

But, intermediate device such as a Firewall can also cause a similar connection issue. As in this use case, while the firewall was allowing telnet, it was blocking the registration request resulted in the same exact error message since the respective addresses / ports utilized by the PS were not open in the firewall policy.
 
Additional Information:
For further detail on SPS, please refer to the docops product documentation for the version of CA SSO and/or SPS you’re using.