RSA SecurID Web Tier is not working and has a status of "Offline" or "Offline, reinstall required" in the Authentication Manager Operations Console. Logs show: "Insufficient privilege to do WebTier Configuration" and/or "Webtier host not found."
Originally Published: 2025-09-30
Article Number: 000073633
Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Web Tier
RSA Version/Condition: 8.x

Issue

Functions that rely on an RSA SecurID Web Tier server, such as importing a software token via CT-KIP, are not working, and the Web Tier has a status of either "Offline" or "Offline, reinstall required" in the RSA SecurID Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).

The imsTrace.log on the Web Tier server shows the following message(s):

[pool-2-thread-1], (BootstrapperWorker.java:172), trace.com.rsa.tool.webtierbootstrapper.BootstrapperWorker, ERROR, <Web-Tier hostname>,,,,Errors occur when checking Webtier Update Artifacts on Preferred Server.Insufficient privilege to do WebTier Configuration
[pool-2-thread-1], (EJBRemoteTargetBase.java:187), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, <Web-Tier hostname>,,,,Exception during command execution.
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configuration

 

[pool-2-thread-1], (UpdateServerListWorker.java:97), trace.com.rsa.tool.webtierbootstrapper.UpdateServerListWorker, ERROR, <Web-Tier hostname>,,,,Error occur when updating server list
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configuration

and/or,

Webtier host not found. Exiting checking server list update.

Cause

This issue can occur when there is a mismatch between the hostname of the Web Tier server and the hostname of the record for it in the Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).

Resolution

Depending on which of the messages noted in the Issue section above appear in the Web Tier server's imsTrace.log, do the following:

  • If the "Insufficient privilege to do WebTier Configuration" error messages are found in the Web Tier's imsTrace.log file, then:

    1. Correct the hostname mismatch between the Web Tier server and the record for it in Authentication Manager by updating either the hostname on the local Web Tier server or the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).
    2. Generate a new Web-Tier Deployment Package.
    3. Uninstall and re-install the Web Tier.

  • If only the "Webtier host not found" message is found (and not the "Insufficient privilege to do WebTier Configuration" messages), then do either of the following:

    1. Change the hostname on the local Web Tier server to match the hostname of the record for it in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing), then:
      1. Restart the Web Tier server.

    or,

    1. Change the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing) to match the hostname of the local Web Tier server, and then:
      1. Generate a new Web-Tier Deployment Package.
      2. Uninstall and re-install the Web Tier.
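
The choice between the two Resolution branches can be scripted against a copy of imsTrace.log. The following is an added example, not RSA code: it assumes log entries follow the layout of the excerpts in the Issue section, that hostnames compare case-insensitively, and that the record hostname is copied by hand from the Operations Console; the function name and sample hostnames are hypothetical.

```python
import re

# Messages quoted in the Issue section of this article.
PRIV_MSG = "Insufficient privilege to do WebTier Configuration"
HOST_MSG = "Webtier host not found"

# Assumed entry layout, inferred from the excerpts in the Issue section:
# [thread], (File.java:line), logger, LEVEL, <Web-Tier hostname>,,,,message
ENTRY = re.compile(r"\(\w+\.java:\d+\),\s*[\w.]+,\s*\w+,\s*([^,\s]+),,,,")

# Constructed samples; wt01.example.com is a placeholder hostname.
SAMPLE_PRIV = (
    "[pool-2-thread-1], (BootstrapperWorker.java:172), "
    "trace.com.rsa.tool.webtierbootstrapper.BootstrapperWorker, ERROR, "
    "wt01.example.com,,,,Errors occur when checking Webtier Update Artifacts "
    "on Preferred Server.Insufficient privilege to do WebTier Configuration\n"
    "com.rsa.command.exception.InsufficientPrivilegeException: "
    "Insufficient privilege to do WebTier Configuration\n"
    "Webtier host not found. Exiting checking server list update.\n"
)
SAMPLE_HOST_ONLY = "Webtier host not found. Exiting checking server list update.\n"


def triage(log_text, record_hostname=None):
    """Pick the Resolution branch and compare logged hostnames to the record."""
    priv = host = False
    logged = set()
    for line in log_text.splitlines():
        priv = priv or PRIV_MSG in line
        host = host or HOST_MSG in line
        m = ENTRY.search(line)
        if m:
            logged.add(m.group(1).lower())
    if priv:  # takes precedence even when "host not found" is also present
        branch = "correct mismatch, new deployment package, reinstall"
    elif host:
        branch = "rename host and restart, or update record and reinstall"
    else:
        branch = "no matching message"
    mismatch = None  # unknown unless both sides are available
    if record_hostname and logged:
        # Assumption: hostnames are compared case-insensitively.
        mismatch = any(h != record_hostname.lower() for h in logged)
    return {"branch": branch, "logged_hosts": sorted(logged), "mismatch": mismatch}


if __name__ == "__main__":
    print(triage(SAMPLE_PRIV, record_hostname="webtier.example.com"))
    print(triage(SAMPLE_HOST_ONLY))
```

A mismatch value of None means the comparison could not be made, either because no record hostname was supplied or because no entry in the log carried a hostname field.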