000038150 - Services will not start after changing  IP address of RSA Authentication Manager 8.x from command line

Document created by RSA Customer Support Employee on Jan 6, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038150
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager 
RSA Version/Condition: 8.x
IssueAn administrator changed the IP address of the RSA Authentication Manager 8.x server from the Linux command line. After the change, services fail to start and UI consoles are not accessible. The /opt/rsa/am/server/logs/AdminServer.log shows the following error:
 

java.io.IOException: [Server:002664]Failed to start Admin Channel AdminChannel.
        at weblogic.server.channels.ServerSocketManager.createAndBindServerSockets(ServerSocketManager.java:132)
        at weblogic.server.channels.ServerSocketManager.createAndBindAllServerSockets(ServerSocketManager.java:89)
        at weblogic.server.channels.AdminPortService.createAndBindServerSockets(AdminPortService.java:108)
        at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:60)
        at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
        at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1287)
        at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:333)
        at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:375)
        at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
        at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
        at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:85)
        at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
        at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:116)
        at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:90)
        at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1237)
        at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1168)
        at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:786)
        at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:678)
        at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
        at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
        at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
        at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
        at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:652)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused by: java.net.BindException: Cannot assign requested address
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:433)
        at sun.nio.ch.Net.bind(Net.java:425)
        at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
        at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
        at weblogic.socket.ServerSocketMuxer.newServerSocket(ServerSocketMuxer.java:69)
        at weblogic.server.channels.ServerSocketWrapper.newServerSocket(ServerSocketWrapper.java:119)
        at weblogic.server.channels.ServerSocketWrapper$1.run(ServerSocketWrapper.java:355)
        at weblogic.server.channels.ServerSocketWrapper.createAndSetServerSocket(ServerSocketWrapper.java:367)
        at weblogic.server.channels.ServerSocketWrapper.bind(ServerSocketWrapper.java:211)
        at weblogic.server.channels.ServerSocketManager.createBindAndEnableServerSocket(ServerSocketManager.java:162)
        at weblogic.server.channels.ServerSocketManager.createAndBindServerSockets(ServerSocketManager.java:126)
        ... 27 more
CauseThe RSA Authentication Manager network configuration must be changed at the operating system level, and at the application level. Any discrepancy between the two configurations breaks Authentication Manager.
Resolution
  1. Revert the changes that were made from the Linux command line.
  2. Change the Network Settings from the console. For the correct procedure, review Change the Primary Instance IPv4 Network Settings.
Workaround
  1. Get access to the Linux Command line either using SSH or console access.
  2. Switch to root:


sudo su


  1. Run the following command to set the RSA Authentication Manager network settings from the command line:


/opt/rsa/am/utils/bin/appliance/configureNetwork.py\
--fqdn <appliance_fqdn>\
--ipv4 eth0 <new_ip> <subnet_mask> <new_gateway>\
--ipv4-default-gateway <new_gateway>\
--dns-server <new_dns_server_ip> --dns-search <dns_search_domain>

For example:


am84:/home/rsaadmin # /opt/rsa/am/utils/bin/appliance/configureNetwork.py\
>  --fqdn am84.saberlab.com\
>  --ipv4 eth0 192.168.65.150 255.255.255.0 192.168.65.2\
>  --ipv4-default-gateway 192.168.65.2\
>  --dns-server 192.168.65.100 --dns-search saberlab.com

Saving iptables configuration                                                                               done


  1. Restart the RSA Authentication Manager services:


/opt/rsa/am/server/rsaserv restart all



 

Attachments

    Outcomes