000029997 - Unable to call the RSA SOAP Management API from Windows 2003 to AM 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029997
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
Platform (Other): Windows 2003
O/S Version: 2003
Product Name: Admin API
Product Description: Admin API 8.1
Issue"Error: The request failed with HTTP status 401: Unauthorized"
[java] ERROR: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
[java] com.rsa.common.SystemException: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
[java] at com.rsa.webservice.SOAPCommandTarget.remoteMethod(SOAPCommandTarget.java:198)
[java] at com.rsa.webservice.SOAPCommandTarget.executeCommand(SOAPCommandTarget.java:136)
[java] at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:241)
ResolutionThe "The request failed with HTTP status 401: Unauthorized" error is related to authentication using Command Client User Name and Password. Verify that you have populated the App.config file with proper credentials.
1. Install the hot fix from Microsoft http://support.microsoft.com/kb/948963 on Windows 2003 machine. This is required.
2. Refer to RSA Authentication Manager 8.1 Developer's Guide" section "Generate Web Service Bindings"
TLS Connection Support for Axis 1.3 SOAP Connections
The Authentication Manager server only accepts TLS requests. Clients that are not configured to support TLS may see an error similar to the following:
[java] ERROR: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
[java] com.rsa.common.SystemException: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
To allow the Axis 1.3 client to communicate over TLS, you must use an SSL socket factory capable of supporting TLS, such as the one provided in ws-extras.jar. To use this factory, set the following Java system property:
-Daxis.socketSecureFactory=com.rsa.webservice.transport.IMSSecureSocketFactory
Verify the following for further troubleshooting:
1. Support for TLS is enabled in Internet Options
2. Check if customer can access the below URL from IE.
     https://SERVER_URL:7002/
3. Make sure RSA Root Certificate Available for API Clients. Refer the Developer's guide for more details.
4. The "rsaws.dll" for installed .net framework is available at client executable location
5. Make sure that App.Config files have been updated with correct credentials and URL. Validate provided Command Client User Name and Password.
6. Run the client program with admin credentials.
 

Attachments

    Outcomes