000015874 - Token synchronization utility fails with an error in RSA Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000015874
Applies ToRSA Authentication Manager 7.1.SP2
SecurID Appliance 3.0.3
IssueToken synchronization utility fails with an error in RSA Authentication Manager 7.1
Error:"Caused by: com.rsa.common.DataNotFoundException: Could not locate LDAP user with exuid. Error: Unable to lookup Principal object for security domain"
The system activity Monitor shows: "AM_SYNC_TOKENS_JOB_PRINCIPAL_LOOKUP_FAILED com.rsa.common.DataNotFoundException: failed to find principal, at:
UNEXPECTED_EXCEPTION com.rsa.common.SystemException: Unable to lookup Principal object for security domain., at "
Resolution

Verify all assigned tokens and find out if a token is assigned to UNKNOWN user. If you find a token assigned to UNKNOWN, unassign it.


1. Run the report "Users and Group missing from Identity source".


2. Run the clean up job in Security Console ----> Setup ----> general component ----> "Force to delete".


3. Synchronize the LDAP and after that try to run the rsautil again.
1. Open the Security Console> click Setup > Component Configuration > General.
2. Select Synchronize with Identity Source.
3. Use the Start field to select the date you want synchronization to begin. Select to start it today.
4. Use the Frequency fields to select how often, and on which days, you want synchronization to take place.
5. Use the Run Time field to specify what time you want the synchronization to run. Select the time to run it in the next 2 minutes.
Wait for 10 minutes to ensure the above job was completed and try to run the rsautil utility to synchronize the tokens. See How to synchronize RSA SecurID tokens in RSA Authentication Manager 7.1


On appliance:


-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/utils
-bash-3.00$. ./rsaenv   (Notice the two dots)
-bash-3.00$ ./rsautil sync-tokens -I

Legacy Article IDa53682

Attachments

    Outcomes