000033006 - Troubleshooting an update issue with an RSA Authentication Manager 8.x Web Tier deployment

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Sep 4, 2019
Version 5

Article Content

Article Number: 000033006
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.x
Issue: An administrator has clicked the Update button to push a recent update to the web tier instance, and the status remains:

Updating in progress
Tasks: There are some initial tasks an administrator can perform before collecting data from the web tier instance.
  1. Check name resolution on the web tier and Authentication Manager instances using the nslookup command, confirming that the fully qualified hostname of every Authentication Manager and web tier instance resolves successfully. For example:

[root@rh6-webtier-01 ~]# nslookup am81p.corp.net

Name:   am81p.corp.net

[root@rh6-webtier-01 ~]#

  2. Check on the web tier instance for the presence of a listener on port 443/tcp; for example:

[root@rh6-webtier-01 ~]# netstat -ano | grep 443
tcp        0      0*                   LISTEN      off (0.00/0/0)
tcp        0      0     *                   LISTEN      off (0.00/0/0)
[root@rh6-webtier-01 ~]#

  3. Check on the Authentication Manager instance for the presence of a listener on port 7022/tcp; for example:

rsaadmin@am81p:~> netstat -ano | grep 7022
tcp        0      0 ::1:7022                :::*                    LISTEN      off (0.00/0/0)
tcp        0      0          :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 fe80::250:56ff:fe0:7022 :::*                    LISTEN      off (0.00/0/0)
tcp        0      0      :::*                    LISTEN      off (0.00/0/0)
tcp        0      0          :::*                    LISTEN      off (0.00/0/0)

  4. Check that the web tier instance can communicate with the 7022/tcp listener on the preferred Authentication Manager instance. On web tier deployments where the host operating system is Red Hat Enterprise Linux, use the command openssl s_client -connect <Authentication Manager IP Address>:7022, where <Authentication Manager IP Address> is the IP address of the Authentication Manager instance.
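
The listener checks in steps 2 and 3 pipe netstat through a plain grep, which also matches the port digits when they appear inside another port number, a remote address or a timer column. The following added example (not part of the RSA article) accepts only TCP sockets in LISTEN state whose local port is exactly the one requested; the function names and the sample netstat lines are constructed for illustration.

```shell
# Added example: exact-port LISTEN check over `netstat -ano`-style output.
# Assumes the Linux net-tools column layout:
#   field 1 = protocol, field 4 = local address, field 6 = state.

# Reads netstat output on stdin. Exit status 0 only if a tcp/tcp6 socket in
# LISTEN state has a local address whose final ":"-separated part is the port.
has_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")   # IPv6 addresses contain several colons
            if (parts[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output; the addresses are documentation placeholders.
# Line 1 listens on 4430, line 2 is an outbound connection to a remote :443
# with "7022" in its timer column, line 3 is a real listener on 7022.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:4430            0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 192.0.2.10:51443        192.0.2.20:443          ESTABLISHED keepalive (7022.10/0/0)
tcp        0      0 :::7022                 :::*                    LISTEN      off (0.00/0/0)'

# Runs the check against the constructed sample and reports the result.
check_port() {
    if printf '%s\n' "$SAMPLE_NETSTAT" | has_listener "$1"; then
        echo "listening"
    else
        echo "not listening"
    fi
}

check_port 443    # "grep 443" would match lines 1 and 2, yet nothing listens on 443
check_port 7022   # only line 3 counts; the timer value on line 2 is ignored
```

On a live host the same function takes real output: `netstat -ano | has_listener 443` on the web tier, and `netstat -ano | has_listener 7022` on the Authentication Manager instance.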
Resolution: RSA Customer Support will ask an administrator to collect the following data for review and to provide the fully qualified hostnames of the web tier and Authentication Manager instances in the deployment, as this information is required when reviewing the requested data.

In the paths below, [WTHOME] is where the administrator installed the Authentication Manager web tier software. By default this folder is /opt/RSASecurity/RSAAuthenticationManagerWebtier.

  • All the files found in the [WTHOME]/appserver/logs folder.
  • The imsTrace.log file found in the [WTHOME]/webtierBootstrapper/n.n.n.n.n/logs folder (where n.n.n.n.n represents the latest patch version; for example, represents Authentication Manager 8.1 Service Pack 1 patch 4).
  • All the *.log files from the [WTHOME]/server/logs folder.
  • All the *.log files from the [WTHOME]/server/servers/AdminServer/logs folder.
  • All the *.log files from the [WTHOME]/server/servers/AdminServer/data/ldap/log folder.
Administrators can use a secure FTP client to copy the requested data from the SecurID Appliance. It is recommended to create an encrypted, password-protected zip file that can be securely provided to RSA Customer Support.

IMPORTANT: RSA Customer Support will require the password used to protect the zip file, provided either verbally or in a separate email (where an email was used to send the zip file). Alternatively, the zip file can be uploaded to the RSA secure site, following the RSA knowledge article How to upload files onto RSA Secure FTP (SFTP) site for review by Customer Support, with the password placed in the comments field.