000012529 - Unable to login to Security Console or Operations Console

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012529
Applies ToAuthentication Manager 7.1, AM 7.1
RSA SecurID Appliance 3.0
RSA SecurID Appliance 3.0.4
Role permissions are correct
non superadmin super admin unable to see menus
 
IssueUnable to login to Security Console or Operations Console
Error when logging into the Security Console is "There was a problem processing your request. Console component registration fail:Unexpected exception during command invocation; nested exception is: com.rsa.common.SystemException: Unexpected exception during command invocation"
Missing tabs in the menu of the Security Console
Only occurs if the user does not have the Super Admin roles assigned
An admin cannot manage tokens, even though it seems like they should be able to do so.
 
Cause
An issue was found that can result in the consoles becoming unregistered from the system.  The first admin that logs onto the Security Console after an upgrade MUST be an unrestricted Superadmin, to recreate the proper menus.
Resolution

1. Verify you can logon to the Security Console with a SuperAdmin account that is in the Internal Database Identity Source, using a Password.  It cannot be another kind of admin, or in an external Identity source.



2. Log on as the RSA fileowner to a  console session\command prompt.   Go to your (RSAHome)\utils directory 
(on an appliance, this is:
/usr/local/RSASecurity/RSAAuthenticationManager/utils          )
3. on UNIX/Appliance (not Windows)  set environment variables with :
. ./rsaenv        (note:  this starts with dot-space-dot-slash)
4. type (all on one line, and also with Unix/Appliance, it needs to start with ./ dot-slash):  

rsautil manage-console-ext -u <Super admin UserID> --reset --deployurllist https://<SERVER_FQHN>:7004/console-ims,,https://<SERVER_FQHN>:7004/console-am,,https://<SERVER_FQHN>:7004/console-ucm


Where <Super admin UserID> is the admin from step 1, and <SERVER_FQHN> is the fully-qualified hostname of the RSA Server or appliance.


It will ask for a Password, the password to be entered is for the SuperAdmin from Step 1,  NOT the Master Password


5.  Stop and Restart all RSA services


6.  Log onto the Security Console with the Super Admin from step 1 (the first one to login after the restart MUST be an internal superadmin, not a restricted admin, or an admin from an external Identity Source). 


Repeat 2-6 on any affected replicas.

WorkaroundSystem was upgraded to SP4
NotesThis issue is noted in the SP4 Release notes here  

Log On to the RSA Security Console as a Super Admin


You must log on to the RSA Security Console as a Super Admin to refresh the updates in the Security Console and the Operations
Console. After you log on as a Super Admin, all other Console users can view the updates. You should also log on to the Security
Console after applying RSA Authentication Manager 7.1 SP4 to make sure that the Service Pack version has been updated on the
Software Version Information page.


keywords  redeploy redeployurl restricted
Also See Error when logging into Security Console: Console component registration fail: Repeated URL redirect on: URL_console
 
Legacy Article IDa48247

Attachments

    Outcomes