000038685 - Duplicate User ID error when running All Users report in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Apr 6, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038685
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
  • Receiving the following message when running the All Users report;

Error: Duplicate User ID

  • Running the Clean Unresolvable Users job results in the message:

No unresolvable users were found

  • No details about duplicate user IDs are displayed in the System log, in the Administration Activity log, or in /opt/rsa/am/server/logs/imsTrace.log.
  1. Log in to the Operations Console and go to Administration > Download Troubleshooting Files.
  2. Follow the on-screen directions to generate and download the troubleshooting files from the RSA Authentication Manager server.
  3. Extract the files in the downloaded .zip file to a local directory.
  4. Browse /opt/rsa/am/rsapgdata/pg_log/postgres_<datestamp of the latest available log file>. In the example, the duplicate user ID is madhib. The following two errors are in this file: 

2020-04-05 13:22:27.139 GMT [unknown] rsa_user 76c3540c.3pkb 6/596614 1999523
ERROR:  duplicate key value violates unique constraint "ak_ims_principal_isrcid_uid"
2020-04-05 13:22:37.139 GMT [unknown] rsa_user 76c3540c.3pkb 6/596614 1999523
DETAIL:  Key (loginuid, identity_src_id)=(madhib, 5df9024e2909350f01cd29e1a016759b) already exists.

  1.  After determining the duplicate user(s), follow the steps below:
    1. Open the Operations Console.
    2. Browse to Deployment Configuration > Identity Sources > Manage Existing.  
    3. Edit the identity source to which the user belongs:
      1. Click the Map tab.
      2. Change the Search Filter from (&(objectClass=User)(objectcategory=person)) to (&(objectClass=User)(objectcategory=person)(!(samAccountName=<user_id>))), where <user_id> is the duplicate user who is found in the troubleshooting logs. Based on the example above, it is (&(objectClass=User)(objectcategory=person)(!(samAccountName=madhib))).
      3. Click Save.
    4. Log in to the Security Console and browse to Setup > Identity Source > Clean Up Unresolvable Users.
    5. After the cleanup is complete, go back to the Operations Console under Deployment Configuration > Identity Sources > Manage Existing.
    6. Edit the identity source again to restore the Search Filter back to (&(objectClass=User)(objectcategory=person))
    7. Click Save.
  2. Run the All Users report to confirm it runs successfully.