000033006 - Troubleshooting an Update Issue with an RSA Authentication Manager 8.1 Web Tier Deployment

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000033006
Applies To: RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
Issue: An administrator has hit the Update button to push a recent update to the web tier instance and the status remains as "Updating in progress".
Tasks: There are some initial tasks an administrator can perform before collecting data from the web tier instance.
  1. Check name resolution on the web tier and authentication manager instances using the nslookup command. This confirms that the fully qualified hostname of every authentication manager and web tier instance can be resolved successfully.
Example:

[root@rh6-webtier-01 ~]# nslookup am81p.corp.net
Server:         192.168.2.105
Address:        192.168.2.105#53
Name:   am81p.corp.net
Address: 192.168.2.150
[root@rh6-webtier-01 ~]#

  2. On the web tier instance, check for the presence of a listener on port 443/tcp with the command netstat -ano | grep 443
Example:

[root@rh6-webtier-01 ~]# netstat -ano | grep 443
tcp        0      0 192.168.100.150:443         0.0.0.0:*                   LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:443               0.0.0.0:*                   LISTEN      off (0.00/0/0)
[root@rh6-webtier-01 ~]#

  3. On the authentication manager instance, check for the presence of a listener on port 7072/tcp with the command netstat -ano | grep 7072
Example:

rsaadmin@am81p:~> netstat -ano | grep 7072
tcp        0      0 ::1:7072                :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:7072          :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 fe80::250:56ff:fe0:7072 :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 192.168.2.150:7072      :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.2:7072          :::*                    LISTEN      off (0.00/0/0)
rsaadmin@am81p:~>

  4. Check that the web tier instance can communicate with the 7072/tcp listener on the preferred authentication manager instance. Use openssl s_client -connect {IPAddress}:7072 on web tier deployments where the host operating system is Red Hat Enterprise Linux (where {IPAddress} is the authentication manager instance IP address).
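A stricter form of the netstat checks above, added here as an example and not part of the RSA article: a plain grep for 443 or 7072 also matches other ports and established connections, and a listener bound only to a loopback address cannot be reached from the other instance. The function names are assumptions, and the last two sample lines are constructed; the first five are the article's 7072 output.

```bash
#!/bin/sh
# Added example (not RSA code): stricter form of "netstat -ano | grep <port>".

# listeners PORT: read `netstat -ano` output on stdin and print
# "<address> <scope>" for each TCP socket in LISTEN state on exactly PORT.
listeners() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")          # port is the text after the last colon
      if (part[n] != port) next         # exact match: 7072 does not match 17072
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else if (addr ~ /^fe80:/)            scope = "link-local"
      else                                 scope = "reachable"
      print addr, scope
    }'
}

# reachable_count PORT: number of listeners another host could connect to.
reachable_count() {
  listeners "$1" | awk '$2 == "reachable" { c++ } END { print c + 0 }'
}

# Sample input: five lines from the article, then two constructed lines
# (a listener on 17072 and an outbound connection to a remote port 7072).
sample_netstat() {
  cat <<'EOF'
tcp        0      0 ::1:7072                :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:7072          :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 fe80::250:56ff:fe0:7072 :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 192.168.2.150:7072      :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.2:7072          :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 192.168.2.150:17072     0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 192.168.2.150:52044     192.168.2.151:7072      ESTABLISHED off (0.00/0/0)
EOF
}

# Classify the sample; on a live host use: netstat -ano | listeners 7072
sample_netstat | listeners 7072
```

A reachable count of 0 on the authentication manager instance means the web tier has no address it can connect to on that port, even though grep shows matching lines.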
Resolution: An administrator will be asked to collect the following data for RSA Customer Support to review, and to provide the fully qualified hostname of the web tier and authentication manager instances in the deployment, as this information is required when reviewing the data requested.
  • [WTHOME] is where the administrator installed the authentication manager web tier software. By default this folder is /opt/RSASecurity/RSAAuthenticationManagerWebtier
  1. All the files found in the [WTHOME]/appserver/logs folder
  2. The imsTrace.log file found in the [WTHOME]/webtierBootstrapper/n.n.n.n.n/logs folder (where n.n.n.n.n represents the latest patch version, for example 8.1.1.4.0 represents authentication manager 8.1 service pack 1 patch 4)
  3. All the *.log files from the [WTHOME]/server/logs folder
  4. All the *.log files from the [WTHOME]/server/servers/AdminServer/logs folder
  5. All the *.log files from the [WTHOME]/server/servers/AdminServer/data/ldap/log folder
Administrators can use a secure FTP client to copy the requested data from the SecurID Appliance. It is recommended to create an encrypted, password-protected zip file that can be securely provided to RSA Customer Support.
IMPORTANT: RSA Customer Support will require the password used to protect the zip file, either verbally or in another email (where an email was used to send the zip file). Alternatively, the zip file can be uploaded to the RSA secure site using the RSA knowledge article How to upload files onto RSA Secure FTP (SFTP) site for review by Customer Support, where the password is placed in the comments field.