000037062 - 'Database and Web are outside time buffer (15 seconds)' error when starting RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Feb 11, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037062
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.x
IssueThe RSA Identity Governance & Lifecycle server fails to start (or restart) with the following message:
 
$ acm status
● aveksa_server.service - Aveksa Server


Loaded: loaded (/etc/systemd/system/aveksa_server.service; enabled; vendor preset: disabled)
Active: failed since Fri 2018-12-28 14:03:06 EST; 3 s ago
Process: 22611 ExecStop=/etc/init.d/aveksa_server stop (code=exited, status=0/SUCCESS)
Process: 23000 ExecStart=/etc/init.d/aveksa_server start (code=exited, status=1/FAILURE)

Main PID: 23000 (code=exited, status=0/SUCCESS)


Dec 28 14:02:11 acm-710 su[24315]: aveksa_server [24315]: verifying Oracle and system time match …
Dec 28 14:02:36 acm-710 su[24521]: (to oracle) root on none
Dec 28 14:02:36 acm-710 su[24521]: aveksa_server [24315] Database and Web are outside time buffer ( 15 seconds )
Dec 28 14:03:00 acm-710 su[24686]: aveksa_server [24315] Database: 12-28-2018 14:03:03 -0600 < Web : 12-28-2018 14:04:43 -0600
Dec 28 14:03:00 acm-710 su[24686]: aveksa_server [24315] [ Startup Failed]
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Main process started, code=existed, status=1/FAILURE
Dec 28 14:03:06 acm-710 aveksa_server[23000]: Failed to start Aveksa Server
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Unit entered failed state:
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Failed with result ‘exit-code’:
CauseThis is by design. The server is prevented from starting if the time on the Application server and the time on the Oracle database server are off by more than 15 seconds. 
ResolutionThis may occur when a remote database is in use and the time on the Oracle database server is different than the time on the Application server. More specifically, since the machine time is set by the Network Time Protocol (NTP) service, this means that the time is being reported incorrectly by one of the NTP servers.   Run the ntpq command on both the Application server and the Oracle database server to identify which server is reporting the wrong time.
 

acm-710:~ # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
perturb.org     .INIT.          16 u    - 1024    0    0.000    0.000   0.000

 

The ntpq command also returns the name of the NTP server used by the machine. As a best practice, use the same NTP source for both the Application server and for the Oracle database server wherever possible. This will ensure that both machines are in sync should one of the NTP sources be unreliable.

Workaround

RSA does not recommend working around this issue by adjusting the machine time.

NotesNote that on an RSA Identity Governance & Lifecycle software appliance with an external database, the customer is responsible for ensuring the operating system and machine are configured correctly. If there are issues identifying a definitive NTP source for time synchronization, the customer should defer to their IT department for guidance. 

Attachments

    Outcomes