The AFX Server in RSA Identity Governance & Lifecycle is in a Not running State in the user interface (AFX > Servers).
When logged into the application server as the afx user, the
afx status command shows the startup timed out and the AFX Server never fully starts.
$ afx status
● afx_server.service - Afx Server
Loaded: loaded (/etc/systemd/system/afx_server.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2020-01-06 12:30:28 EST; 11s ago
Process: 19999 ExecStop=/etc/init.d/afx_server stop (code=exited, status=0/SUCCESS)
Process: 20643 ExecStart=/etc/init.d/afx_server start (code=exited, status=0/SUCCESS)
Main PID: 20643 (code=exited, status=0/SUCCESS)
Jan 06 12:29:18 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:29:28 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:29:38 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:29:48 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:29:58 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:30:08 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:30:18 acm-711 afx_server[20643]: Waiting for AFX applications to start...
Jan 06 12:30:28 acm-711 afx_server[20643]: WARNING!! Timed out waiting for AFX applications to start.
Please check AFX application log files for detailed status information.
Jan 06 12:30:28 acm-711 afx_server[20643]: done
Jan 06 12:30:28 acm-711 systemd[1]: Started Afx Server.
When starting AFX, the following errors are logged to the AFX log files:
In the $AFX_HOME/esb/logs/mule_ee.log:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Failed to deploy artifact '10_AFX-INIT', see below +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
org.mule.module.launcher.DeploymentInitException: CertPathBuilderException: Could not build a validated path.
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
java.security.cert.CertPathBuilderException: Could not build a validated path.
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException:
Could not build a validated path.
...
Caused by: java.security.cert.CertPathBuilderException: Could not build a validated path.
at com.rsa.cryptoj.o.qb.engineBuild(Unknown Source)
and
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Failed to deploy artifact '15_AFX-MAIN', see below +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
org.mule.module.launcher.DeploymentInitException: IllegalArgumentException: Could not resolve placeholder
'afx.server.activemq.password' in string value "${afx.server.activemq.password}"
In the
$AFX_HOME/esb/logs/esb.AFX-INIT.log:
2020-01-06 12:27:24.425 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:162 -
Unable to establish secure (SSL) connection with RSA Identity Governance and Lifecycle server.
2020-01-06 12:27:24.425 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:171 -
SSL certificates for RSA Identity Governance and Lifecycle server and AFX were not issued by the same
RSA Identity Governance and Lifecycle Certificate Authority(CA). You may encounter this problem if the
RSA Identity Governance and Lifecycle certificate store has been changed, but either the
RSA Identity Governance and Lifecycle server OR AFX installation hasn't been updated with the respective
keystore containing new certificate and CA entries. Please update both the
RSA Identity Governance and Lifecycle server and AFX installations with latest respective keystore available for download in the
RSA Identity Governance and Lifecycle application.
2020-01-06 12:27:24.426 [ERROR] com.aveksa.afx.server.init.ServerInitializationComponent:79 -
Server initialization failed! Please correct the issue and restart AFX.
and
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
In the
$AFX_HOME/esb/logs/esb.AFX-MAIN.log:
java.lang.IllegalArgumentException: Could not resolve placeholder 'afx.server.activemq.password'
in string value "${afx.server.activemq.password}"