000038799 - Error 2004: Unable to communicate with server Access Denied when running RSA Authentication Manager Bulk Admin (AMBA) script

Document created by RSA Customer Support Employee on May 1, 2020Last modified by RSA Customer Support Employee on May 14, 2020
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038799
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Bulk Administration
IssueThe RSA Authentication Manager Bulk Administration tool cannot run scripts. The following error message appears in the command-line Interface:

Error 2004: Unable to communicate with server Access Denied
CausePossible reasons for this error include:
  • The RSA Authentication Manager password policy forced changes for the super admin password, so incorrect credentials are entered.
  • Correct credentials are entered, but the password contains a special character like $.
  • The AMBulkAdmin.jar file has incorrect permissions. This happens when the customer copies the .jar file from one RSA Authentication Manager instance to another without setting the correct permission on the file.
ResolutionTo resolve this issue,
  1. Ensure that the super admin user ID and password are correct by using them to log in to the Security Console.
  2. If the super admin's password contains any special characters and you are passing it in the command ./rsautil AMBulkAdmin -i <test.txt> -o outputlog --verbose -a <super admin name> -P <super admin password>, the special character has to be enclosed in single quotes to avoid any confusion. For example, in the command below the dollar sign is in single quotes:

./rsautil AMBulkAdmin -i <test.txt> -o outputlog --verbose -a superadmin -P P4$$w0rd'$'


Optionally, use a super admin account where the password does not contain special characters.

  1. Check the permissions on the AMBulkAdmin.jar file:
    1. Launch an SSH client, such as PuTTY.
    2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup another username may have been selected. Use that username to log in.

  1. Go to /opt/rsa/am/utils/lib:

login as: rsaadmin
Using keyboard-interactive authentication.
Password:<enter operating system password>
Last login: Fri 1 May 16:39:41 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@alaa:~> cd /opt/rsa/am/utils/lib

  1. Run the following command to identify the AMBulkAdmin.jar file permissions:

rsaadmin@alaa:/opt/rsa/am/utils/lib> ls -l /opt/rsa/am/utils/lib/ | grep AMBulkAdmin
-rw-r--r-- 1 rsaadmin rsaadmin 307446 Aug  2  2019 AMBulkAdmin-

  1. If permissions are not set as shown above, use following commands to change the permissions and ownership of the AMBulkAdmin.jar file:

rsaadmin@alaa:/opt/rsa/am/utils/lib> chmod 644 /opt/rsa/am/utils/lib/AMBulkAdmin*
rsaadmin@alaa:/opt/rsa/am/utils/lib> chown rsaadmin:rsaadmin /opt/rsa/am/utils/lib/AMBulkAdmin*

  1. Go to /opt/rsa/am/utils and run the AMBulkAdmin.jar script again:

rsaadmin@alaa:/opt/rsa/am/utils/lib> cd ..
rsaadmin@alaa:/opt/rsa/am/utils> ./rsautil AMBulkAdmin -i <test.txt> -o outputlog --verbose -a <super admin ID> -P <super admin password>

Replace the <test.txt> value above with the appropriate AMBA .txt or .csv file name, along with the file location, super admin user ID, and password. For example:

rsaadmin@alaa:/opt/rsa/am/utils> ./rsautil AMBulkAdmin -i addgroup.csv -o outputlog --verbose -a superadmin -P P4ssw0rd'$'