000037330 - Software update using RSA Authentication Manager 8.4 patch 2 fails on an Authentication Manager instance.

Document created by RSA Customer Support Employee on Apr 11, 2019Last modified by RSA Customer Support Employee on Apr 11, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000037330
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0.2.0
IssueSoftware update using RSA Authentication Manager 8.4 Patch 2 fails on an Authentication Manager instance.

The software update log file (e. g., update-8.4.0.2.0-build1406696-20190328110907.log) found in the /opt/rsa/am/server/logs directory reports the following messages:

262305 2019-03-28 11:16:12,814 INFO: Deploying wrapper conf for RSA Replication (Primary)
     [copy] Copying 1 file to /tmp/rsa-install-2019-03-28-11-11-53/replication-wrapper-templates
     [java] Initializing WebLogic Scripting Tool (WLST) ...
     [java] Welcome to WebLogic Server Administration Scripting Shell
     [java] Type help() for help on available commands
     [java] Problem invoking WLST - Traceback (innermost last):
     [java] File "/tmp/rsa_update/iso/rsa/scripts/wlst/update-deployed-apps.py", line 36, in ?
     [java] File "/tmp/WLSTOfflineIni8843577475581477868.py", line 139, in updateDomain
     [java] File "/tmp/WLSTOfflineIni8843577475581477868.py", line 19, in command  
     [java] 60716: The domain contains online pending unactivated changes, offline changes will be ignored on activation of pending changes.
     [java] 60716: The domain contains online pending unactivated changes.
     [java] 60716: Activate or undo the pending changes before upgrading domain using WLST offline script.
     [java] at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)           [java] at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:2983)
     [java] at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:735)
     [java] at sun.reflect.GeneratedMethodAccessor178.invoke(Unknown Source)
     [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
     [java] at java.lang.reflect.Method.invoke(Method.java:498)
     [java] com.oracle.cie.domain.script.jython.WLSTException:
     com.oracle.cie.domain.script.jython.WLSTException: Error updating domain:
     [java] 60716: The domain contains online pending unactivated changes, offline changes will be ignored on
     activation of pending changes.
     [java] 60716: The domain contains online pending unactivated changes.
     [java] 60716: Activate or undo the pending changes before upgrading domain using WLST offline script.
     [java] Error: runCmd() failed. Do dumpStack() to see details.
CauseThere are pending changes for Oracle WebLogic in the /opt/rsa/am/server/pending directory.
Resolution

You must apply a software update to the primary and all replica instances in your RSA Authentication Manager deployment. Make sure you apply the software update to the primary instance first before applying the software update to the replica instances, one replica at a time.



In most cases the Authentication Manager software update installer rolls back the Authentication Manager instance to the previous version of software and in a stable condition.

Before applying the RSA Authentication Manager 8.4 patch 2 software update again to the Authentication Manager instance, an administrator can perform the following checks:
  1. Check all of the Authentication Manager services are running.  At the command line use the following command :

    /opt/rsa/am/server/rsaserv status all


Follow steps in the documentation on how to enable Secure Shell on the appliance to access the command line.


  1. Check whether a file called config.xml exists in /opt/rsa/am/server/pending:

Where the file /opt/rsa/am/server/pending/config.xml exists, the administrator must move the config.xml file to the /tmp folder with the command mv /opt/rsa/am/server/pending/config.xml /tmp.



  1. Take a backup before applying the  RSA Authentication Manager 8.4 patch 2 software update.  Use the steps available on how to Create a Backup Using Back Up Now.
  2. Apply the RSA Authentication Manager 8.4 patch 2 software to the Authentication Manager instance. Refer to the steps on how to apply the product update.
During the update process the administrator will be prompted to enter the rsaadmin password. At this point of the software update please check if /opt/rsa/am/server/pending/config.xml has returned and remove it/or move it to the /tmp folder. Keep checking the /opt/rsa/am/server/pending folder for the presence of the config.xml file during the software update process and remove it.

Note that during Quick Setup another user name may have been selected other than rsaadmin. Use that user name to login.



  1. Check all of the Authentication Manager services are running after the software update.  At the command line run:


/opt/rsa/am/server/rsaserv status all
NotesShould you still experience a technical issue updating the Authentication Manager instance, please contact RSA Customer Support.  Be sure to have the Authentication Manager license serial number ready, as you may be asked to provide it to open a support case.

 

Attachments

    Outcomes