RSA SecurID Appliance 3.0 Service Pack 4 Migration Failure at Task 'Importing Certificates'
Originally Published: 2019-11-10
Article Number
Applies To
RSA Product/Service Type: SecurID Appliance
RSA Version/Condition: 3.0.4
Platform: Linux
Issue
During the migration the task 'Importing Certificates' failed with a task status 'Unsuccessful'.
Example:
Downloaded Migration Report (migrationReport.log) shows:
Migration Report - <day>, <dd/mm/yyyy> <hh:mm> AM|PM The import of version 7.1 data was unsuccessful. Review this report for more information. ++++++++++++++++++++++++++++ Error: Failed to massage migrated data org.postgresql.util.PSQLException: ERROR: update or delete on table "ims_authn_policy" violates foreign key constraint "fk_ims_auth_pol_id_anauthpol" on table "ims_sec_domain_authn_policy" Detail: Key (id)=(57b2c699c802a8c002900fe94aeb5a52) is still referenced from table "ims_sec_domain_authn_policy". ---------------------------- com.rsa.ims.migration.engine.exception.MigrationTaskException: Failed to massage migrated data org.postgresql.util.PSQLException: ERROR: update or delete on table "ims_authn_policy" violates foreign key constraint "fk_ims_auth_pol_id_anauthpol" on table "ims_sec_domain_authn_policy" Detail: Key (id)=(57b2c699c802a8c002900fe94aeb5a52) is still referenced from table "ims_sec_domain_authn_policy". at com.rsa.ims.internal.migration.engine.tasks.migrate.impl.MigrationMassageMigratedDataTask.performExecuteTask(MigrationMassageMigratedDataTask.java:53) at com.rsa.ims.internal.migration.engine.tasks.impl.AbstractTask.executeTask(AbstractTask.java:142) at com.rsa.ims.internal.migration.engine.impl.MigrationEngineImpl.migrate(MigrationEngineImpl.java:108) at com.rsa.ims.migration.command.ImportMigrationPackageCommand.execute(ImportMigrationPackageCommand.java:125) at com.rsa.ims.operationsconsole.admin.migrate71.Perform71MigrationThread.run(Perform71MigrationThread.java:72) at java.lang.Thread.run(Thread.java:680) Caused by: com.rsa.ims.migration.common.MigrationException: org.postgresql.util.PSQLException: ERROR: update or delete on table "ims_authn_policy" violates foreign key constraint "fk_ims_auth_pol_id_anauthpol" on table "ims_sec_domain_authn_policy" Detail: Key (id)=(57b2c699c802a8c002900fe94aeb5a52) is still referenced from table "ims_sec_domain_authn_policy". at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2102) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1835) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:500) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:388) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:381) at com.rsa.ims.migration.admin.dal.impl.MassageMultipleRealmData.deleteRealmDefaultPolicy(MassageMultipleRealmData.java:492) at com.rsa.ims.migration.admin.dal.impl.MassageMultipleRealmData.updateRealmPolicies(MassageMultipleRealmData.java:244) at com.rsa.ims.migration.admin.dal.impl.MassageMultipleRealmData.convertRealmToSecurityDomain(MassageMultipleRealmData.java:60) at com.rsa.ims.migration.admin.dal.impl.MassageMigratedData.massageData(MassageMigratedData.java:78) at com.rsa.ims.migration.admin.impl.IMSMigrationMgtImpl.massageMigrationData(IMSMigrationMgtImpl.java:1048) at com.rsa.ims.migration.service.impl.MigrationServiceImpl.massageMigratedData(MigrationServiceImpl.java:897) at com.rsa.ims.internal.migration.engine.tasks.migrate.impl.MigrationMassageMigratedDataTask.performExecuteTask(MigrationMassageMigratedDataTask.java:44) ... 5 more Caused by: org.postgresql.util.PSQLException: ERROR: update or delete on table "ims_authn_policy" violates foreign key constraint "fk_ims_auth_pol_id_anauthpol" on table "ims_sec_domain_authn_policy" Detail: Key (id)=(57b2c699c802a8c002900fe94aeb5a52) is still referenced from table "ims_sec_domain_authn_policy". ... 18 more ----------------------------
NOTE: the Key (id) is likely to be different in your exception message.
An entry in the rsa_rep.ims_sec_domain_authn_policy table is causing the exception in the migration log.
Cause
Example:
NOTE: RSA recommends that you leave the Authentication Grade field set to Use the Default Policy.
Resolution
- Logon to the Operations Console and ensure you have a backup prior to making any change to the policy information linked to the realm.
Operations Console > Maintenance > Backups > Backup Now
- After performing the backup, logon to the Security Console with an administrative account for the realm.
- Select Administration > Security Domains > Manage Existing
- Left-click the Security Domain in question and select Edit
Example:
- Ensure every listed policy is using a default policy where the naming of the policy starts with 'Always Use Default'.
Example:
- Plan a new test migration into a newly deployed RSA Authentication Manager 8.1 SP1 P15 primary instance using the latest RSA AM 7.1 Migration Export Utility found in the AM 8.1 SP1 Patch 15 zip file (am-update-8.1.1.15.0.zip) which is available at URL https://community.rsa.com/docs/DOC-44902.
Notes
Product Version Life Cycle for RSA SecurID Access is provided at URL https://community.rsa.com/docs/DOC-73369.
The multiple realm feature was discontinued in RSA Authentication Manager 8.0.
