How to manually sync a replica in an RSA Authentication Manager 8.x deployment with one or more replicas
Originally Published: 2015-10-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Cause
- Replication is broken between the primary and a replica instance.
- Possible network issue between the primary and a replica instance.
Resolution
- Using the rsaadmin account, logon to the Authentication Manager primary, with an either an SSH session or at the local console.
- Navigate to /opt/rsa/am/utils.
- Retrieve the password for the rsa_dba user using the command ./rsautil manage-secrets -a get com.rsa.db.dba.password:
Commands are documented below:
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter OS user password> Last login: Tue Jul 15 14:07:01 2023 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am87p:~> cd /opt/rsa/am/utils rsaadmin@am87p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Enter the OC admin user: <enter Operations Console administrative user name> Enter the OC admin password: <enter Operations Console administrative user password> com.rsa.db.dba.password: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 rsaadmin@am87p:/opt/rsa/am/utils> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: <enter the com.rsa.db.dba.password captured above> psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help.
- Enter the following SQL statement to list the contents of the rsa_rep.IMS_INSTANCE_NODE table:
db=# SELECT * FROM rsa_rep.IMS_INSTANCE_NODE; id | instance_id | name | host | ip | product_patch | activation_time | last_updated_on ----------------------------------+----------------------------------+-----------+------------------------+---------------+---------------+-------------------------+------------ ------------- 6d779c4bea8b1f0a1ab26476086cfb4f | 075b5175ea8b1f0a08024e4d8ee9036e | replica87 | replica87.rsalocal.com | 10.31.139.234 | | 2015-09-21 08:19:30.972 | 2023-06-21 08:26:52.6 151e9003598b1f0a1a90a885b26a6634 | 091ca479598b1f0a080258079e9bd683 | primary87 | primary87.rsalocal.com | 10.31.139.89 | | 2015-09-18 12:04:40.3 | 2023-06-21 08:28:03.756 (2 rows)
-
Enter the following SQL statement to list the contents of the rsa_rep.IMS_INSTANCE table:
db=# SELECT * FROM RSA_REP.IMS_INSTANCE; id | cpu_count | description | is_primary | deployed_state ----------------------------------+-----------+--------------------------------+------------+---------------- 091ca479598b1f0a080258079e9bd683 | 1 | Initial primary instance. | t | 0899bb5ea8b109876fds4e10466ldcca | 1 | inserted by attachment process | f | active 075b5175ea8b1f0a08024e4d8ee9036e | 1 | inserted by attachment process | f | active (3 rows)
Note that the instance_id captured in step 4 is the id in step 5. Also note carefully which row has the listing for is_primary set to false and note the ID number for that instance.
-
IF YOU HAVE MORE THAN ONE REPLICA use the ID number for the replica that needs to be resynched that was captured in step 5 to update IMS_INSTANCE to change the deployed state of the replica.
db=# UPDATE RSA_REP.IMS_INSTANCE SET deployed_state = 'out_of_sync' WHERE is_primary='FALSE' AND id = 'instance_id from step 5';
For example,
db=# UPDATE RSA_REP.IMS_INSTANCE SET deployed_state = 'out_of_sync' WHERE is_primary='FALSE' AND id = '075b5175ea8b1f0a08024e4d8ee9036e'; UPDATE 1
- IF YOU HAVE ONLY ONE REPLICA you do not need to input the instance_id value. Run the following command::
db=# UPDATE RSA_REP.IMS_INSTANCE SET deployed_state = 'out_of_sync' WHERE is_primary='FALSE'; UPDATE 1
- Now running a SELECT statement on the IMS_INSTANCE table, shows the deployed state of the replica as out_of_sync:
db=# SELECT * FROM RSA_REP.IMS_INSTANCE; id | cpu_count | description | is_primary | deployed_state ----------------------------------+-----------+--------------------------------+------------+---------------- 091ca479598b1f0a080258079e9bd683 | 1 | Initial primary instance. | t | 075b5175ea8b1f0a08024e4d8ee9036e | 1 | inserted by attachment process | f | out_of_sync (2 rows)
- Exit SQL with the command \q.
- Login to the Operations Console of the primary and select Deployment Configuration > Instances > Status Report. The sync option is now available.
- Click Sync to perform a database sync between the primary and replica instance
Related Articles
Migrating an RSA Authentication Manager deployment from one environment to another Number of Views Migration to RSA Authentication Manager 8.1 with the option to retain system settings fails with an error about duplicate … Number of Views Moving the RSA Authentication Manager 8.x virtual appliance from one ESX host to another Number of Views RSA Authentication Manager replica instance fails to attach to the Authentication Manager deployment Number of Views Error: 'Rep name in DB doesn't match host' appears in application log Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
