RSA Product Set: SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition: 8.x

After restarting or rebooting the RSA Authentication Manager primary server, the Administration Server with Operations Console service fails to start, making all administration consoles inaccessible.

Observable symptoms:

• The Security Console, Operations Console, and Self-Service Console are not accessible
• Running the following command via SSH fails at the same stage every time:
  

  rsaadmin@am:/opt/rsa/am/server>./rsaserv restart all
  Starting RSA Administration Server with Operations Console:
  Starting RSA Database Server: **                                
  RSA Administration Server with Operations Console  [FAILED]
  Starting RSA RADIUS Server Operations Console: -

• Running ./rsautil manage-secrets -a recover does not resolve the issue
• Rebooting the server does not resolve the issue
• The machine's hostname is resolvable, the IP address is correct, and the date, time, and time zone on the server are all correct
• Key error lines from AdminServerWrapper.log (located at /opt/rsa/am/server/logs/): 
  

  NFO   | jvm 1    | main    | 2018/09/24 06:24:38 | <Sep 24, 2018 6:24:38 AM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 24.161-b13 from Oracle Corporation.> 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | /opt/rsa/am/server/config not found
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | No config.xml was found.
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | Would you like the server to create a default configuration and boot? (y/n): 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | Please enter y, n
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | There are 1 nested errors:
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | weblogic.management.internal.InteractiveConfigurationException: /opt/rsa/am/server/config not found. 
  INFO   | jvm 1    | main    | 2018/09/24 06:24:40 | If you wish to have the server generate a default configuration file and boot, please re-execute your start command and respond to prompts or pass additional parameter of -Dweblogic.management.GenerateDefaultConfig.

The config.xml file is missing from the /opt/rsa/am/server/config directory on the primary Authentication Manager server.

This file is required by the WebLogic-based Administration Server to initialize its configuration at startup. Without it, WebLogic cannot boot and shuts itself down, causing all dependent services — including the Security Console, Operations Console, and Self-Service Console — to fail. This commonly occurs after a failed upgrade, an accidental file deletion, or filesystem corruption on the primary server.

To resolve this issue, copy the config.xml file from a replica Authentication Manager server to the primary server using an SCP client, then restart all services.

NOTE: During Quick Setup, a username other than rsaadmin may have been selected. Use that username in place of rsaadmin wherever it appears in the steps below.

Part 1: Copy config.xml from the Replica to Your Local Machine

1. Launch an SCP client (for example, WinSCP or PSCP) on your local machine.
2. Connect to the replica Authentication Manager server.
3. Log in as rsaadmin using the current operating system password.
4. Navigate to the following directory on the replica: /opt/rsa/am/server/config

   cd /opt/rsa/am/server/config

    

5. Copy the config.xml file from the replica to your local machine.

Part 2: Transfer config.xml to the Primary Server

1. In the SCP client, connect to the primary Authentication Manager server.
2. Log in as rsaadmin using the current operating system password.
3. Navigate to the following directory on the primary server:  /opt/rsa/am/server/config
4.  Transfer the config.xml file from your local machine to this directory.

Part 3: Restart Authentication Manager Services

1. Navigate to the server directory:
   

   cd /opt/rsa/am/server

2. Restart all Authentication Manager services:
   

   ./rsaserv restart all

Verification: Open a browser and confirm that the Security Console, Operations Console, and Self-Service Console are accessible and loading correctly.

• SSH Connection Instructions: For step-by-step guidance on connecting to an Authentication Manager server via SSH, refer to Enable Secure Shell on the Appliance.

• RSA Database Server Remains Running: It is expected behavior that the RSA Database Server continues to run even when all other services fail. This is because the Database Server starts independently and does not depend on the Administration Server with Operations Console service.

• No Replica Available: If no replica server is available in the deployment, contact RSA Support to obtain assistance recovering or regenerating the config.xml file. Do not attempt to create or edit this file manually.

• Prevention — Back Up config.xml: To prevent this issue from recurring, back up the config.xml file from /opt/rsa/am/server/config on the primary server as part of your regular maintenance routine, and after any upgrade or configuration change.