Attempting to configure rSTS in the Authentication section of the Active Roles Configuration Center on an Active Roles Web Interface host fails with the error:
RSTS is running, but not responsive.
Clicking on the "Try to Fix" button fails with the error:
RSTS API cannot be reached through this port. Contact your system administrator.
CAUSE 1
The Active Roles Administration Service leveraged by this Active Roles Web Interface host is not running.
CAUSE 2
The Active Roles Web Interface is not properly initialized. This can happen if the Active Roles Web Interface was not properly configured following a reinstall or reconfiguration of the product.
CAUSE 3
The URL for the Active Roles Web Interface host (the fully qualified domain name of the server) is not accessible from the server itself.
CAUSE 4
The SSL Certificate securing the URL for the Active Roles Web Interface host on the FQDN of the server is not valid.
CAUSE 5
The Active Roles Web Interface host is joined to a child domain and is affected by Defect ID 479897.
RESOLUTION 1
On the Active Roles Web Interface host, find and open the settings.xml file.
This file is located at this path by default:
<DRIVE>:\Program Files\One Identity\Active Roles\x.x\Web\Public\xml
Ensure that the Active Roles Administration Service referenced by this file is fully started and accessible in the Active Roles Console.
For more information on this file, please see this resource.
RESOLUTION 2
Create a new test site in the Active Roles Configuration Center and then delete it. If this process completes successfully, then the Web Interface configuration is initialized.
RESOLUTION 3
Resolve any issues preventing the Active Roles Web Interface host from accessing its own FQDN in a browser opened on the host. These issues could include:proxy issues, IIS bind issues, etc.
RESOLUTION 4
Resolve any certificate issues noted when accessing the Active Roles Web Interface via FQDN. These issues could include: a missing subject alternative name, an untrusted certificate, etc.
RESOLUTION 5
The Active Roles Configuration Center does not use a valid method to detect its own FQDN when installed on a member server in a child domain. This defect will be addressed in Active Roles 8.3
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center