Article Content
Article Number | 000038748 |
Applies To | RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x |
Issue | When end users try to import an RSA SecurID software token to their device using CT-KIP, the import fails. The end user sees the following error:

Token import failed. Verify that the information entered is correct or contact your administrator.

The System Activity Monitor shows the following errors while trying to import the token:

Administrator “SYSTEM” attempted to execute command “com.rsa.authmgr.internal.ctkip.command.ProcessCTKIPClientRequestCommand”
<EJB exception occurred during invocation from home or business: com.rsa.command.CommandServerEjb30_vraifm_Intf generated exception: com.rsa.command.AuditedLocalizableSystemException: COMMAND_EXECUTION_UNEXPECTED_ERROR
Caused by: com.rsa.common.SystemException: com.rsa.common.SystemException: com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT_KIP clientNonceRequest
com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT-KIP clientNonceRequest. Status code = Abort
Caused by: com.rsa.common.SystemException: com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT_KIP clientNonceRequest
com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT-KIP clientNonceRequest. Status code = Abort
Caused by: com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT_KIP clientNonceRequest
com.rsa.authmgr.internal.ctkip.common.CTKIPServiceFailureException: Failed to process CT-KIP clientNonceRequest. Status code = Abort> |
Cause | There is an issue with the defaultRSAToolbar certificate and key pair that was initially provided within the original license .zip file. All licenses that are stored on myRSA.com are now updated with a new certificate and key pair. These new files can be installed on RSA Authentication Manager and used for the CT-KIP deployment. |
Resolution |
Because all of the license files available on myRSA have been updated, you must download the new license, even if you have an old copy of the license files stored locally.
During Quick Setup another username may have been selected. Use that username to log in.

login as: rsaadmin
Using keyboard-interactive authentication.
Password:<enter operating system password>
Last login: Mon Apr 20 16:39:41 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@primary:> /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.db.dba.password: u2Z8iMYLWmaT2hgdIdNUjBLFKiMnJw
rsaadmin@primary:> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba
Password for user rsa_dba: <enter the com.rsa.db.dba.password from above>
DELETE FROM rsa_rep.ims_config_value WHERE name LIKE '%ctkip.service.keystore%';
rsaadmin@primary:> cd /opt/rsa/am/utils
rsaadmin@primary:> ./rsautil install-ctkip-keystore -l /tmp -k defaultRSAToolbar.key -c defaultRSAToolbar.cer
rsaadmin@primary:> cd /opt/rsa/am/server
rsaadmin@primary:> ./rsaserv restart all |
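A sanity check that can be run on the downloaded files before the install-ctkip-keystore step above, confirming that the private key belongs to the certificate and that the certificate has not expired. This is an added example, not part of the RSA article or of rsautil; the function names are hypothetical, and it assumes openssl is available and that both files are PEM- or DER-encoded with no passphrase on the key.

```shell
#!/bin/sh
# Added example: pre-install check for a certificate/key pair.
# Assumption: files are PEM or DER; the key has no passphrase.

# Print the public key embedded in an X.509 certificate (PEM first, then DER).
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null
}

# Print the public key derived from a private key. The empty -passin
# makes an encrypted key fail immediately instead of prompting.
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null ||
    openssl pkey -in "$1" -inform DER -pubout -passin pass: 2>/dev/null
}

# Return 0 if the key belongs to the certificate, 1 if it does not,
# 2 if either file could not be parsed.
pair_matches() {
    cpub=$(cert_pubkey "$1") || return 2
    kpub=$(key_pubkey "$2") || return 2
    [ -n "$cpub" ] && [ -n "$kpub" ] || return 2
    [ "$cpub" = "$kpub" ]
}

# Return 0 if the certificate will still be unexpired $2 seconds from now
# (default 0, i.e. it has not expired yet).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1 ||
    openssl x509 -in "$1" -inform DER -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Usage: sh check_pair.sh /tmp/defaultRSAToolbar.cer /tmp/defaultRSAToolbar.key
if [ "$#" -eq 2 ]; then
    pair_matches "$1" "$2"
    case $? in
        0) echo "OK: certificate and key match" ;;
        1) echo "MISMATCH: key does not belong to certificate"; exit 1 ;;
        *) echo "UNREADABLE: could not parse one of the files"; exit 2 ;;
    esac
    cert_not_expired "$1" || { echo "EXPIRED: certificate is past notAfter"; exit 1; }
fi
```

An UNREADABLE result only means openssl could not parse a file under the stated assumptions; it does not by itself show that the file is unusable by rsautil.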