000017183 - Unable to access RSA Authentication Manager Security Console after system reboot

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3

Article Content

Article Number: 000017183
Applies To:
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  7.1 SP4 and later, 3.0 SP4 and later
Issue
  • Running ./rsaam status all shows that all RSA services are running.
  • The correct Security Console URL is being used, but administrators are not able to access the Security Console.  
  • SNMP is disabled.
  • The Operations Console is accessible.
  • The error message seen will vary depending on the browser used.  For example:
    • Internet Explorer:  Cannot display the webpage. 
    • Google Chrome:  This webpage has a redirect loop.
    • Firefox:  The page isn't redirecting properly.
  • The RSA_HOME/server/logs/imsTrace.log shows the following errors:
@@@2014-09-15 15:05:01,841, [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'], (SecurityAwareClassPathXmlApplicationContext.java:165), 
trace.com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext, FATAL, app3sp4p.kangnet.local, , , , Failed to refresh application context from
[classpath*:ims-components.xml, classpath*:ims-components-external.xml, classpath*:rsa-components.xml, classpath*:rsa-components-external.xml]
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'LoggingConfig' defined in URL
[zip:/usr/local/RSASecurity/RSAAuthenticationManager/server/servers/app3sp4p_server/stage/am-app/am-app/APP-INF/lib/ims-server-o.jar!/ims-components.xml]:
Invocation of init method failed; nested exception is java.lang.NullPointerException
Caused by:
java.lang.NullPointerException
        at com.rsa.ims.logging.log4j.Log4jConfiguratorBase.getNativeAppender(Log4jConfiguratorBase.java:529)
        at com.rsa.ims.logging.log4j.Log4jConfiguratorBase.configureLogger(Log4jConfiguratorBase.java:339)
        at com.rsa.ims.logging.log4j.Log4jConfiguratorBase.processConfiguration(Log4jConfiguratorBase.java:251)
        at com.rsa.ims.logging.log4j.Log4jConfigurator.reconfigureLogging(Log4jConfigurator.java:248)
        at com.rsa.ims.logging.log4j.Log4jConfigurator.updateCurrentConfiguration(Log4jConfigurator.java:209)
        at com.rsa.ims.logging.log4j.Log4jConfigurator.initialize(Log4jConfigurator.java:129)

Cause
An administrator has updated the system to support sending syslog messages from the SecurID appliance to a syslog server.  Authentication Manager failed to initialize because the *.syslog_facility and *.syslog_layout properties were missing.
Resolution
To resolve the issue:
  1. Check that forward and reverse name resolution are working correctly.
  2. Verify that the URL(s) are correct and that port 7004 is listening.  
  3. Confirm that the Security Console URL being used contains the FQDN of the server, not the IP address.  For example, use https://jenny.gizmo.com:7004/console-ims or https://jenny.gizmo.com:7004/sc not https://86.75.30.9:7004/console-ims and https://86.75.30.9:7004/sc.  
  4. Check the permissions of the RSA_HOME/utils/resources/ims.properties file, as shown below:
-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/utils/resources
-bash-3.00$ ls -al  ims.properties
-rwx------  1 rsaadmin root 2220 Sep 15 15:02 ims.properties

  5. Make a copy of the ims.properties file.
  6. Open the ims.properties file in a text editor and confirm that values are set as in the example below and that the appropriate hostname or IP address is listed on the lines for the audit.admin.syslog_host, audit.runtime.syslog_host and the system.syslog_host.  Be sure to confirm that there are no spaces at the end of the line.  See page 211 of the RSA Authentication Manager 7.1 Administrator’s Guide for more information.
  7. Make changes as needed, then save the file.
# Syslog server IP or SIEM device
ims.logging.audit.admin.syslog_host       = <hostname or IP address of SIEM server>
ims.logging.audit.admin.syslog_layout     = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.audit.admin.syslog_facility   = 8
ims.logging.audit.admin.use_os_logger     = true
# Syslog server IP or SIEM device
ims.logging.audit.runtime.syslog_host     = <hostname or IP address of SIEM server>
ims.logging.audit.runtime.syslog_layout   = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.audit.runtime.syslog_facility = 8
ims.logging.audit.runtime.use_os_logger   = true
# Syslog server IP or SIEM device
ims.logging.system.syslog_host            = <hostname or IP address of SIEM server>
ims.logging.system.syslog_layout          = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.system.syslog_facility        = 8
ims.logging.system.use_os_logger          = true

  8. Restart the RSA Authentication Manager service on the appliance:
cd ../server
./rsaam restart managed
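
The check below is an added example, not part of the RSA article or RSA tooling: a shell function that lints a copy of ims.properties for the twelve syslog properties listed above, flagging missing keys, trailing whitespace and a facility other than 8. The function name, the sample host siem.example.test and the Java .properties comment rule are assumptions.

```shell
#!/bin/sh
# Added example, not RSA tooling. Lints a copy of ims.properties for the
# twelve syslog settings listed in this article. One finding per line;
# returns 0 when there are no findings.
check_ims_syslog() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
    /^[ \t]*[#!]/ { next }          # comment lines
    /^[ \t]*$/    { next }          # blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        if (key !~ /^ims\.logging\.(audit\.admin|audit\.runtime|system)\.(syslog_host|syslog_layout|syslog_facility|use_os_logger)$/) next
        seen[key] = 1
        if (val ~ /[ \t\r]$/) { print key ": trailing whitespace or CR"; bad++ }
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (val == "") { print key ": empty value"; bad++ }
        # Assumption: Java .properties parsing, where "#" only starts a
        # comment at the beginning of a line.
        if (key ~ /syslog_host$/ && val ~ /[ \t]#/) { print key ": inline comment becomes part of the value"; bad++ }
        if (key ~ /syslog_facility$/ && val != "8") { print key ": expected 8, found " val; bad++ }
    }
    END {
        n = split("audit.admin audit.runtime system", lg, " ")
        m = split("syslog_host syslog_layout syslog_facility use_os_logger", pr, " ")
        for (i = 1; i <= n; i++) for (j = 1; j <= m; j++) {
            k = "ims.logging." lg[i] "." pr[j]
            if (!(k in seen)) { print k ": missing"; bad++ }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the "system" logger has a host but no facility/layout,
# the condition this article gives as the cause of the failure.
sample=$(mktemp)
for l in audit.admin audit.runtime system; do
    printf 'ims.logging.%s.syslog_host = siem.example.test\n' "$l"
    printf 'ims.logging.%s.use_os_logger = true\n' "$l"
    [ "$l" = system ] && continue
    printf 'ims.logging.%s.syslog_layout = %%d, %%X{clientIP}, %%c, %%p, %%m%%n\n' "$l"
    printf 'ims.logging.%s.syslog_facility = 8\n' "$l"
done > "$sample"
check_ims_syslog "$sample" || echo "fix the findings above before restarting"
rm -f "$sample"
```

Run it against the edited file before the restart in the last step; an empty result means all twelve properties are present and cleanly terminated.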
Notes
Depending on the operating system on which Authentication Manager is running, the default program directory will be C:\Program Files\RSA Security\RSA Authentication Manager or /usr/local/RSASecurity/RSAAuthenticationManager.  This path is identified in this article as RSA_HOME.
 * * * 
 

The *.syslog_facility property value identifies which process on the machine created the message.  Logs coming from the RSA Authentication Manager server use facility number 8.  This is set in the system, and changing it in the ims.properties file will break the log spooling feature.
The *.syslog_layout properties specify the format of the log messages.  Below is a breakdown of the format used with the RSA Authentication Manager 7.1 server.
syslog_layout = %d, %X{clientIP}, %c, %p, %m%n
%d = date
%X{clientIP} = Used to output the MDC (mapped diagnostic context) associated with the thread that generated the logging event; in this case, the output is the IP address of the client.
%c = Used to output the category of the logging event.
%p = Used to output the priority of the logging event.
%m = Used to output the application-supplied message associated with the logging event.
%n = Outputs the platform-dependent line separator character.
Legacy Article ID: a67824