000031126 - Toubleshooting ORA-00001: unique constraint (RSA_CORE.UQ_MCK_LONGNM) violated error

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031126
Applies ToRSA Product Set: Adaptive Authentication(On-Prem)
RSA Product/Service Type:
RSA Version/Condition:7.1 SP0 P2 HF20 and above, 7.1 SP0 P3 and above
Platform: All platform
O/S Version: All version
IssueThe following error occurred in aa_server.log. As confirmed from 7.1 SP0 P3 Release Notes, the issue with the key rotation should have been fixed(AA-15989).
2015-06-06 01:20:01,782 ERROR [tomcat-ajp-25] [d1a7-:a3c22b97d41:bb919f75-] [] [org.hibernate.util.JDBCExceptionReporter] - <ORA-00001: unique constraint (RSA_CORE.UQ_MCK_LONGNM) violated
>

 
ResolutionAs of Sept 2015, the issue is still under investigation and root cause analysis is yet to be determined. RSA JIRA ticket AA-16981 has been raised to troubleshoot this issue.
NotesThe issue with key rotation was originally reported in 7.1 P2 with tracking number AA-15955. The issue happens when the key life time has expired and multiple aa_server instances are trying to update the key seed in the database in the same time. This cause inconsistencies between servers as each server has different key seed in memory. When token is encrypted in one server, the other server wouldn't able to decrypt it as the seed used to encrypt the token is different(thus producing token decrypt error).
This issue shouldn't happen in 7.1 P3 and above(and P2 HF 20 and above) as the fix has been incorporated. If you're not seeing any token decrypt error in aa_server.log or aa_alarm.log, we believe this error can be ignored and there should be no issue with key seed integrity.
Please raise a support ticket and send the following logs to RSA Customer Support to troubleshoot further. :
1. aa_server.log, aa_server.forensic.log that is throwing the error
2. Output of MSG_CODE_KEYS, MSG_CODE_KEY_DEFAULT tables from RSA_CORE schema
The complete stack trace of error:
2015-06-06 01:20:01,782 WARN [tomcat-ajp-25] [d1a7-:a3c22b97d41:bb919f75-] [] [org.hibernate.util.JDBCExceptionReporter] - <SQL Error: 1, SQLState: 23000>
2015-06-06 01:20:01,782 ERROR [tomcat-ajp-25] [d1a7-:a3c22b97d41:bb919f75-] [] [org.hibernate.util.JDBCExceptionReporter] - <ORA-00001: unique constraint (RSA_CORE.UQ_MCK_LONGNM) violated
>
2015-06-06 01:20:01,783 ERROR [tomcat-ajp-25] [d1a7-:a3c22b97d41:bb919f75-] [] [org.hibernate.event.def.AbstractFlushingEventListener] - <Could not synchronize database state with session>
org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
        at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:96)
        at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
        at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:275)
        at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:262)
        at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:178)
        at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:321)
        at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:51)
        at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1206)
        at org.hibernate.impl.SessionImpl.managedFlush(SessionImpl.java:375)
        at org.hibernate.transaction.JDBCTransaction.commit(JDBCTransaction.java:137)
        at org.springframework.orm.hibernate3.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:656)
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:754)
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:723)
        at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:147)
        at com.passmarksecurity.security.KeyMgrImpl.getDefaultInternalKey(KeyMgrImpl.java:221)
        at com.passmarksecurity.security.InternalAppCrypt.encrypt(InternalAppCrypt.java:60)
        at com.passmarksecurity.security.InternalAppCrypt.encrypt(InternalAppCrypt.java:44)
        at com.rsa.csd.security.impl.DeviceTokenImplv5.build(DeviceTokenImplv5.java:64)
        at com.passmarksecurity.security.DeviceToken.createWriter(DeviceToken.java:58)
        at com.passmarksecurity.impl.PassMarkDeviceImpl.getToken(PassMarkDeviceImpl.java:1380)
        at com.passmarksecurity.impl.PassMarkDeviceImpl.generateNewDeviceRecord(PassMarkDeviceImpl.java:753)
        at com.passmarksecurity.impl.PassMarkDeviceImpl.generateNewDeviceRecord(PassMarkDeviceImpl.java:551)
        at com.rsa.csd.mcf.acsp.device.DeviceAcsp.handleAuthentication(DeviceAcsp.java:1690)
        at com.rsa.csd.mcf.acsp.device.DeviceAcsp.authenticate(DeviceAcsp.java:494)
        at com.rsa.csd.impl.UserCredentialManagerImpl.authenticate(UserCredentialManagerImpl.java:151)
        at com.rsa.csd.impl.RsaUserImpl.handlePopulation(RsaUserImpl.java:672)
        at com.rsa.csd.impl.RsaUserImpl.populate(RsaUserImpl.java:393)
        at com.rsa.csd.impl.RsaSessionImpl.populate(RsaSessionImpl.java:337)
        at com.rsa.csd.impl.RsaSessionImpl.genericInit(RsaSessionImpl.java:658)
        at com.rsa.csd.impl.RsaSessionImpl.init(RsaSessionImpl.java:266)
        at com.passmarksecurity.impl.PassMarkSessionMgrImpl.createSession(PassMarkSessionMgrImpl.java:366)
        at com.rsa.csd.impl.RsaSystemImpl.createSession(RsaSystemImpl.java:65)
        at com.rsa.csd.ws.impl.helper.GenericHelper.createSession(GenericHelper.java:2689)
        at com.rsa.csd.ws.impl.helper.GenericHelper.getSession(GenericHelper.java:2224)
        at com.rsa.csd.ws.impl.helper.GenericHelper.getTransaction(GenericHelper.java:538)
        at com.rsa.csd.ws.impl.helper.AnalyzeHelper.setChannelIndicatorInTransaction(AnalyzeHelper.java:540)
        at com.rsa.csd.ws.impl.helper.GenericHelper.initSession(GenericHelper.java:294)
        at com.rsa.csd.ws.impl.AdaptiveAuthenticationImpl.analyze(AdaptiveAuthenticationImpl.java:122)
        at axis.delegate.aa_7_0.AdaptiveAuthenticationDelegate.analyze(AdaptiveAuthenticationDelegate.java:67)
        at com.rsa.csd.ws.axis.generated.AdaptiveAuthenticationSkeleton.analyze(AdaptiveAuthenticationSkeleton.java:81)
        at com.rsa.csd.ws.axis.generated.AdaptiveAuthenticationMessageReceiverInOut.invokeBusinessLogic(AdaptiveAuthenticationMessageReceiverInOut.java:106)
        at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
        at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:114)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.rsa.csd.servlet.filters.SessionCredentialsFilter.doFilter(SessionCredentialsFilter.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.rsa.csd.servlet.filters.XsdFilter.doFilter(XsdFilter.java:70)

Attachments

    Outcomes