Migration to RSA Authentication Manager 8.1 with the option to retain system settings fails with an error about duplicate or already existing pk_ims_certificates
Originally Published: 2015-01-14
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue
The migration log shows the error: "Database error during inserting migrated certificates to certificate table. The duplicate key value violates unique constraint. PK_IMS_Certificates."
Cause
Workaround
Before proceeding with the steps below, take a backup of the Authentication Manager database through the Operations Console (Maintenance > Backup > Backup Now).
- Logon to the Authentication Manager 8.1 primary via SSH, vSphere client or local console session.
- Navigate to /opt/rsa/am/utils.
- Run the command ./rsautil manage-secrets -a get com.rsa.db.dba.password. This returns the database password that is unique to the deployment. This password will be copied then pasted at the prompt for the database password.
- At the database prompt (db=#),run a select statement to find the SMS certificate entry: SELECT * from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; where the certificate ID is the value seen in the migration log. (Note the semicolon at the end of the command.) The output should be for one row.
- Now run a delete command to delete this entry. The command is: DELETE FROM rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; (Note the semicolon at the end of the command.)
A sample of the steps is below:login as: rsaadmin Using keyboard-interactive authentication. Password: <enter OS password> Last login: Fri Oct 2 15:32:51 2015 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am81p:~> cd /opt/rsa/am/utils rsaadmin@am81p:~> ./rsautil manage-secrets -a get com.rsa.db.dba.password rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter OC admin username> Please enter OC Administrator password: <enter OC admin password> com.rsa.db.dba.password: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 rsaadmin@am81p:/opt/rsa/am/utils> ../pgsql/bin rsaadmin@am81p:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# SELECT * from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; db=# DELETE from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe';
-
Run the migration again.
Notes
Related Articles
Error: 'Rep name in DB doesn't match host' appears in application log Number of Views How to manually sync a replica in an RSA Authentication Manager 8.x deployment with one or more replicas Number of Views Error "com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing" on RS… Number of Views log4j:WARN No appenders could be found for logger (trace.com.rsa.ims.security.crypto.config.CryptoConfiguration). Log4J;Wa… Number of Views LookupAMPrincipalCommand failed, Expected: IMSGUID, got class com.rsa.ims.common.DNGUID for RSA Authentication Manager Adm… Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle RSA Release Notes: Cloud Access Service and RSA Authenticators RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
Don't see what you're looking for?
