000038115 - Unable to login to Self-Service Console after moving web tier to internet in RSA Authentication Manager 8.4 patch 6

Document created by RSA Customer Support Employee on Nov 11, 2019Last modified by RSA Customer Support Employee on Nov 11, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038115
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0
IssueOne or more of the following errors occur:
  • When the user logs on to Self-Service Console, it displays the following error:

Sorry, your request cannot be processed at this time. It either has been processed or is bad request. Return to home and try again.


  • The [wt_home]/server/logs/imsConsoleTrace.log on the web tier shows the following error: 


com.rsa.command.AuditedLocalizableSystemException: COMMAND_EXECUTION_UNEXPECTED_ERROR Caused by: com.rsa.common.SystemException:
Access denied. The authentication request was routed through a load balancer/Proxy server that is not recognized by the system.


  • The /opt/rsa/am/server/logs/imsTrace.log shows an unknown IP address: 


trace.com.rsa.ims.sso.service.SSOServiceImpl, FATAL, <FQDN of Auth Manager server>,,,,Access denied.
The authentication request was routed through a load balancer <IP address> (This IP is not used to define the virtual host in Operations Console).


  • The /opt/rsa/am/server/logs/imsTrace.log shows the following error:  


2019-10-14 16:35:04,156, [[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'], (SSOServiceImpl.java:285),
trace.com.rsa.ims.sso.service.SSOServiceImpl, FATAL, <FQDN of Auth Manager server>,,,,Access denied. The authentication request was routed
through a load balancer <IP address> that is not recognized by the system.


  • The opt/rsa/am/server/logs/AdminServer_access.log on Web Tier has the following lines showing the incorrect IP address:


#Start-Date: 2019-10-14 16:34:56
<IP address> 2019-10-14 16:34:56 0.313 GET / 302 285
<IP address> 2019-10-14 16:34:56 0.187 GET /console-selfservice/ 302 313
<IP address>  2019-10-14 16:34:57 0.844 GET /console-selfservice/SelfService.do 200 13280
<IP address> 2019-10-14 16:34:58 0.031 GET /console-selfservice/images/default/caret_gray.gif 200 56
<IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_help.gif 200 1648
<IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_help_caret.gif 200 49
<IP address> 2019-10-14 16:34:58 0.016 GET /console-selfservice/images/default/spacer.gif 200 43
<IP address> 2019-10-14 16:34:58 0.094 GET /console-selfservice/framework/rsa/css/framework-ext.css 200 20506
<IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_wait.gif 200 771
<IP address> 2019-10-14 16:34:58 0.203 GET /console-selfservice/framework/js/extjs/4.0.2a/resources/css/ext-all-gray.css 500 5931
<IP address> 2019-10-14 16:34:58 0.407 GET /console-selfservice/framework/js/extjs/4.0.2a/ext-all.js 500 5931
<IP address> 2019-10-14 16:34:58 0.141 GET /console-selfservice/images/default/selfservice_logo.gif 200 16268
<IP address> 2019-10-14 16:34:58 0.093 GET /console-selfservice/common/components/smartmenu/c_smartmenus.js 200
CauseThe authentication requests are coming from an IP address which is not defined in the load balancer details in the RSA Authentication Manager Operations Console.
ResolutionTo resolve this issue,
  1. Login to the primary's RSA Authentication Manager Operations Console.
  2. Navigate to Deployment Configuration > Virtual Host & Load Balancing.
  3. Add the appropriate IP address in Load Balancer Details box and press Add when done.
  4. Press Save to exit.
NotesThere can be up to 30 logs stored for the imsTrace.log, imsConsoleTrace.log and Admin_Server_access files. Additional files will have a number value appended to the file name (file name.log.1, file name.log.2, etc.).

Attachments

    Outcomes