000030727 - Moving the RSA Authentication Manager 8.x virtual appliance from one ESX host to another

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 3, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030727
Applies ToRSA Product Set: SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition: 8.x
IssueThere is a requirement to move the RSA Authentication Manager 8.x virtual appliance from one ESX host to another, perhaps because the VMware environment is being upgraded.
ResolutionThe RSA Authentication Manager 8.x software knows the hardware (or virtual hardware) on which it is installed, so moving the virtual appliance from one ESX host to another (with regards to a VMware environment) will cause a problem with the Authentication Manager system fingerprint. The most common change is the MAC address of the virtual network card.
 
After moving the virtual appliance, an administrator is required to use the command rsautil manage-secrets –a recover to reset the system fingerprint.

NOTE: The Operations Console administrative username and password are required to use this command. 


Usage



  1. Using the steps in 000038244 - SSH to an RSA Authentication Manager server, use the rsaadmin account to logon to the operating system hosting the Authentication Manager instance.


login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system user password>
Last login: Fri Sep 18 18:18:20 2019 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am


  1. Navigate to /opt/rsa/am/utils.
  2. Use the command ./rsautil manage-secrets –a recover to restore the system fingerprint.


rsaadmin@app81p:> cd /opt/rsa/am/utils
rsaadmin@app81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a recover
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
Machine fingerprint restored successfully.


  1. Navigate to /opt/rsa/am/server and restart all RSA Authentication Manager services for the change to take effect:


rsaadmin@app81p:/opt/rsa/am/utils> cd ../server
rsaadmin@app81p:/opt/rsa/am/server> ./rsaserv restart all
Stopping RSA RADIUS Server: **
RSA RADIUS Server                                          [SHUTDOWN]
Stopping RSA Runtime Server: ****
RSA Runtime Server                                         [SHUTDOWN]
Stopping RSA Console Server: ***
RSA Console Server                                         [SHUTDOWN]
Stopping RSA Replication (Primary): *
RSA Replication (Primary)                                  [SHUTDOWN]
Stopping RSA Database Server: **
RSA Database Server                                        [SHUTDOWN]
Stopping RSA RADIUS Server Operations Console: **
RSA RADIUS Server Operations Console                       [SHUTDOWN]
Stopping RSA Administration Server with Operations Console: **
RSA Administration Server with Operations Console          [SHUTDOWN]
Starting RSA Database Server:
Starting RSA Administration Server with Operations Console: ****************************
RSA Administration Server with Operations Console          [RUNNING]
Starting RSA RADIUS Server Operations Console: / RSA Database Server                  [RUNNING   *****************
RSA RADIUS Server Operations Console                       [RUNNING]
Starting RSA Runtime Server: **********************************
RSA Runtime Server                                         [RUNNING]
Starting RSA RADIUS Server: **
RSA RADIUS Server                                          [RUNNING]
Starting RSA Console Server: *
Starting RSA Replication (Primary): ****
RSA Replication (Primary)                                  [RUNNING]*****************************
RSA Console Server                                         [RUNNING]


 

Attachments

    Outcomes