Access denied error when running sync-tokens command in Authentication Manager 8.x
Originally Published: 2014-11-09
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Symptoms
- When trying to run the sync-tokens command with a super admin account, an access denied message is displayed.
- The super admin credentials, as well as other parameters, are entered in one line via command line. For example,
./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o /var/tmp/tokens.log -a -l
- The super admin user can run ./rsautil manage-oc-administrators with the same super admin account.
- The /opt/rsa/am/utils/logs/imsCluTrace.log shows following error:
@@@2014-11-07 10:19:32,929, [Main Thread], (EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR,SecurID.xxxxxx.com,,,,Exception during command execution.
com.rsa.authn.AuthenticationCommandException: Access Denied
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy0.executeCommand(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611)
at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
at com.rsa.command.ConnectionFactory.connect(ConnectionFactory.java:456)
at com.rsa.authmgr.admin.tools.SyncTokens.login(SyncTokens.java:66)
at com.rsa.authmgr.admin.tools.SyncTokens.main(SyncTokens.java:181)
Caused by: com.rsa.authn.AuthenticationCommandException: Access Denied
at com.rsa.authn.LoginCommand$Executive.execute(LoginCommand.java:775)
at com.rsa.authn.LoginCommand.performExecute(LoginCommand.java:679)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119)
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373)
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:696)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Cause
Resolution
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil sync-tokens -I Authenticator Bulk Synchronization Utility 8.2.1.8.0 (1398219) Copyright (C) 1994 - 2016 EMC Corporation. All Rights Reserved. Enter the absolute path for the output report file : /tmp/tokensync.txt Enter the base security domain name for recursive search [(none)]: none Enter the type of token selection [ (all) | file ]: all Choose a token filter [ assigned | unassigned | (both) ]: both What action do you wish to perform? [ (list) | modify ]: list Enter administrator user ID : administrator Enter administrative password : *********
Related Articles
Error message "Access denied - User not a member of any identity source in access policy" in RSA SecurID Access Number of Views "Access Denied" error when attempting to view detailed information on the RSA Via Lifecycle and Governance Users page Number of Views Access denied error while running the RSA Authentication Manager 8.x Administration SDK Number of Views Error 2004: Unable to communicate with server Access Denied when running RSA Authentication Manager Bulk Admin (AMBA) script Number of Views Error: 'Access denied. Auth lock error' using radius test client Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Release Notes for RSA Authentication Manager 8.8
Don't see what you're looking for?
