RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
- From the /opt/rsa/am/install_logs/config/config.sh_Appliance_configureReplica_<datestamp>.log:
16 2014-07-18 15:36:06,771 INFO: One of the dependencies dirs doesn't exist: ../common-platform/thirdparty
20 2014-07-18 15:36:06,775 INFO: Arguments: [Appliance.configureReplica]
1259 2014-07-18 15:36:08,014 INFO: Script source dir: /opt/rsa/am/config/src/scripts
1259 2014-07-18 15:36:08,014 INFO: Patch Script source dir: null
1433 2014-07-18 15:36:08,188 INFO: Reading configuration from Config.groovy
2428 2014-07-18 15:36:09,183 INFO: Running task Appliance.configureReplica
6641 2014-07-18 15:36:13,396 INFO: Executing free
7099 2014-07-18 15:36:13,854 INFO: Total Memory: 4057304 KB
7112 2014-07-18 15:36:13,867 INFO: Using memory category 4GB
7121 2014-07-18 15:36:13,876 INFO:
########### ATTENTION ###########
# Enter your user password to #
# continue. #
# Your user account must be in #
# the /etc/sudoers file first. #
# #
########### ATTENTION ###########
7549 2014-07-18 15:36:14,304 INFO: Executing /opt/rsa/am/server/rsaserv stop admin on command line
12574 2014-07-18 15:36:19,329 INFO: Return code: 0:
12574 2014-07-18 15:36:19,329 INFO: Output: Stopping RSA Console Server:
RSA Console Server [SHUTDOWN]
Stopping RSA Runtime Server:
RSA Runtime Server [SHUTDOWN]
Stopping RSA RADIUS Server Operations Console:
RSA RADIUS Server Operations Console [SHUTDOWN]
Stopping RSA Administration Server with Operations Console:
RSA Administration Server with Operations Console [SHUTDOWN]
12574 2014-07-18 15:36:19,329 INFO: Applying secrets from the primary
12584 2014-07-18 15:36:19,339 INFO: Extracting systemtools
[untar] Expanding: /opt/rsa/am/components/compile/com.rsa.ims/clu-tar/8.1.0.0.0/clu-tar-8.1.0.0.0.tar into /opt/rsa/am
14229 2014-07-18 15:36:20,984 INFO: Executing find
15464 2014-07-18 15:36:22,219 INFO: Executing find
[unzip] Expanding: /opt/rsa/am/replication/attachment_data_from_primary/replica_secrets.zip into
/opt/rsa/am/replication/attachment_data_from_primary
[copy] Copying 1 file to /opt/rsa/am/utils/etc
- From the /opt/rsa/am/install_logs/config/config.sh_Appliance_configureReplica_<datestamp>.log
Exception in thread "Main Thread" com.rsa.ims.security.keymanager.sys.SystemFingerprintException: The user name specified does not have a password assigned to it at com.rsa.ims.security.lockbox.crypto.d.d(d.java:162) at com.rsa.ims.security.lockbox.crypto.d.b(d.java:43) at com.rsa.ims.security.lockbox.b.recoverSystemKey(b.java:431) at com.rsa.ims.security.keymanager.sys.FieldsManager$recoverSystemKey.call(Unknown Source) at SetupReplica.importPrimarySystemSecrets(SetupReplica.groovy:203) at SetupReplica$importPrimarySystemSecrets.callCurrent(Unknown Source) at SetupReplica.applySecrets(SetupReplica.groovy:171) at SetupReplica.configureReplica(SetupReplica.groovy:39) at SetupReplica$configureReplica.call(Unknown Source) at Appliance.configureReplica(Appliance.groovy:22) at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68) at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57) at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:60) at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106) at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105) at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source) at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40) Configuration step Appliance:configureReplica [FAILED]
- From /opt/rsa.am/server/logs/imsTrace.log:
@@@2013-07-17 21:16:22,045, [AddReplica], (AttachReplicaThread.java:137), trace.com.rsa.amappliance.web.quicksetup.replicaattach.
AttachReplicaThread, ERROR <hostname>,,,,Failed to attach. Primary host:<hostname>, exception:
com.rsa.amappliance.web.quicksetup.util.SetupException: Execution of config goal Appliance:configureReplica failed with exit code 1
at com.rsa.amappliance.web.quicksetup.util.SetupUtility.executeConfigGoal(SetupUtility.java:131)
at com.rsa.amappliance.web.quicksetup.replicaattach.AttachReplicaUtility.executeConfigGoal(AttachReplicaUtility.java:150)
at com.rsa.amappliance.web.quicksetup.replicaattach.AttachReplicaThread.configureReplica(AttachReplicaThread.java:189)
at com.rsa.amappliance.web.quicksetup.replicaattach.AttachReplicaThread.startConfigureReplica(AttachReplicaThread.java:167)
at com.rsa.amappliance.web.quicksetup.replicaattach.AttachReplicaThread.attachReplica(AttachReplicaThread.java:104)
at com.rsa.amappliance.web.quicksetup.replicaattach.AttachReplicaThread.run(AttachReplicaThread.java:91)
at java.lang.Thread.run(Thread.java:662)
- From the /opt/rsa/am/server/logs/rsa-console.log:
(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
@@@2013-07-17 21:16:22,035 ERROR [AddReplica] GUILog.traceThrowable(637) | error:
com.rsa.amappliance.web.quicksetup.util.SetupException: Execution of config goal Appliance:configureReplica failed with exit code 1
at com.rsa.amappliance.web.quicksetup.util.SetupUtility.executeConfigGoal(SetupUtility.java:131)
1. If using a virtual appliance for the Authentication Manager 8.1 replica, delete the replica's virtual machine from VMware or Hyper-V. If using a hardware appliance for the replica, factory reset it.
2. Change the Operations Console admin's password via the Security Console.
2a. Login to the primary Authentication Manager 8.1 Security Console.
2b. Select Administration > Manage OC Administrators.
2c. For the Operations Console user whose password needs to be changed, click Change Password.
2d. Create a new password for the user and confirm it.
2e. Click Save when done.
3. Confirm that the old replica server is not listed in the Operations Console and if it is, delete it.
3a. Login to the primary Operations Console.
3b. Select Deployment Configuration > Instances > Status Report.
3c. If the Authentication Manager 7.1 replica is listed, click on the context arrow next to the server name and click Delete.
3d. Check the option to delete the replica.
3e. Click Delete. The progress monitor displays the delete process.
3f. Click Done when complete.
4. Reset the system fingerprint on the primary server.
4a. Connect to the primary via SSH, vSphere or direct connection.
4b. Login as rsaadmin.
4c. Navigate to /opt/rsa/am/utils.
4d. Run the following command:
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a recover Please enter OC Administrator username: <enter the name of an Operations Console administrator> Please enter OC Administrator password: <enter the password for the Operations Console administrator> Machine fingerprint restored successfully.
5. Generate a new replica package file for the new Authentication Manager 8.1 replica.
5a. From the primary's Operations Console, select Deployment Configuration > Instances > Generate Replica Package.
5b. Click Download to download the replica_package.zip that contains the connection.properties and the primary-ca.cer files.
6. Using the information in the Authentication Manager 8.1 Setup and Configuration Guide, deploy a new Authentication Manager 8.1 replica. Ensure that you are using the correct guide for your installation (that is, use the documentation for Authentication Manager 8.1 if you have not yet installed Service Pack 1. Use the documentation for Authentication Manager 8.1 Service Pack 1 if you have installed the service pack).
- Forward and reverse name resolution of the primary to the replica and vice versa.
- Before attaching the replica to the primary, remove any authentication agent host entry for the replica that displays on the the primary's Security Console that may have come from the migration.
Related Articles
When signing a SHA256 CA off a SHA1 Root CA it does not have a SHA256 signature algorithm in RCM Number of Views StealthAUDIT hosts have a status of Offline in RSA Identity Governance and Lifecycle Number of Views Connecting to or querying the database using pgSQL in RSA Authentication Manager 8.x Number of Views AFX Server remains in a 'Not running' State, afx status shows 'timed out waiting for AFX applications to start' and mule_e… Number of Views Why am I getting a Single Sign-On Error when logging in to the RSA Community if I already have access to myRSA? Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide
