000015906 - Invalid password when adding an instance as a Replica

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015906
Applies ToAuthentication Manager 7.1 SP2
2003 Server SP2
IssueInvalid password when adding an instance as a Replica
When adding an instance as a Replica via the Operations Console the Pre-Install checks work (including the password verification) however during the Configuration Service there are errors almost immediately, including one that says "InvalidPasswordException: Invalid password, failed to decrypt system key."

The full output from the Dynamic Status Display when this error occurs.


Dynamic Status Display 
 Task Status:  Each task is displayed on this screen as it is processed. When the main task is completed, the Done button is displayed. Starting Pre-Install Checks


Verifying replica package
Verifying password
Verifying replica package location
Verifying replica host name
Verifying replica OS
Verifying connectivity to primary instance database
Verifying primary replication status
Verifying replica configuration
Verifying replica package
Finished Pre-Install Checks


Starting Configuration Service


01 Feb 13:32:23.249 INFO - Starting Configuration Utility
01 Feb 13:32:23.265 INFO - Action: configure
01 Feb 13:32:23.281 INFO - Product: am
01 Feb 13:32:23.281 INFO - Module: setupReplica
01 Feb 13:32:23.281 INFO - Initializing configuration
01 Feb 13:32:23.281 INFO - Configuration Home: C:/PROGRA~1/RSASEC~1/RSAAUT~1/config
01 Feb 13:32:23.281 INFO - Starting configuration engine
01 Feb 13:32:23.281 INFO - Loading configuration data
01 Feb 13:32:23.281 INFO - Loading inventory file: C:/PROGRA~1/RSASEC~1/RSAAUT~1/uninstall/resources/rsainventory.properties
01 Feb 13:32:23.296 INFO - Loading input data file: C:/PROGRA~1/RSASEC~1/RSAAUT~1/uninstall/resources/inputdata.properties
01 Feb 13:32:23.296 INFO - Loading runtime data
01 Feb 13:32:23.312 INFO - Platform Type: windows
01 Feb 13:32:23.312 INFO - Starting configuration command builder
01 Feb 13:32:23.312 INFO - Install Type: replica
01 Feb 13:32:23.312 INFO - DB Type: oracle
01 Feb 13:32:23.312 INFO - Server Type: weblogic
01 Feb 13:32:23.312 INFO - Loading product configuration: C:/PROGRA~1/RSASEC~1/RSAAUT~1/config\am\am.xml
01 Feb 13:32:23.812 INFO - Loading product module configuration: C:/PROGRA~1/RSASEC~1/RSAAUT~1/config\am/replica/setupReplica.xml
01 Feb 13:32:23.843 INFO - Building command: stopManagedWindowsService
01 Feb 13:32:23.843 INFO - Building command: stopProxyWindowsService
01 Feb 13:32:23.859 INFO - Building command: stopAdminWindowsService
01 Feb 13:32:23.859 INFO - Building command: ReadMasterPwd
01 Feb 13:32:24.390 INFO - Building command: ReadConfigkeysSecret
01 Feb 13:32:24.406 INFO - Building command: importReplicaPkg
01 Feb 13:32:24.406 INFO - Building command: PersistConfigData
01 Feb 13:32:24.421 INFO - Building command: SetConfigkeysSecret
01 Feb 13:32:24.421 INFO - Building command: GenerateSecrets
01 Feb 13:32:24.421 INFO - Building command: CopyPrimaryFile
01 Feb 13:32:24.437 INFO - Building command: SetupReplicaSiteCmd
01 Feb 13:32:24.437 INFO - Building command: LoadImsConfigData
01 Feb 13:32:24.453 INFO - Building command: LoadAmConfigData
01 Feb 13:32:24.453 INFO - Building command: updateFQHN
01 Feb 13:32:24.468 INFO - Building command: updateMask
01 Feb 13:32:24.468 INFO - Building command: copyrsaUCMOracleConfigBootstrap-IMSSQL
01 Feb 13:32:24.468 INFO - Building command: Update hostname rsaUCMOracleConfigBootstrap-IMS.sql
01 Feb 13:32:24.484 INFO - Building command: Update guid rsaUCMOracleConfigBootstrap-IMS.sql
01 Feb 13:32:24.484 INFO - Building command: Update guid rsaUCMOracleConfigBootstrap-GUID-IMS.sql
01 Feb 13:32:24.499 INFO - Building command: Update guid rsaUCMOracleConfigBootstrap-Version-IMS.sql
01 Feb 13:32:24.499 INFO - Building command: Load rsaUCMOracleConfigBootstrap-IMS.sql
01 Feb 13:32:24.499 INFO - Building command: registerReplica
01 Feb 13:32:24.546 INFO - Exiting configuration command builder
01 Feb 13:32:24.546 INFO - Starting configuration command execution
01 Feb 13:32:24.546 INFO - Executing Command (am)(setupReplica): stopManagedWindowsService: Stopping managed service
01 Feb 13:32:24.546 INFO - Command Input Properties (stopManagedWindowsService): {serviceName=$N(ims.weblogic.domain.managed.windows.service.name)}
01 Feb 13:32:24.609 INFO - Command Output Property Keys (stopManagedWindowsService): {}
01 Feb 13:32:24.656 INFO - Executing Command (am)(setupReplica): stopProxyWindowsService: Stopping proxy service
01 Feb 13:32:24.656 INFO - Command Input Properties (stopProxyWindowsService): {serviceName=$N(ims.weblogic.domain.proxy.windows.service.name)}
01 Feb 13:32:24.656 INFO - Command Output Property Keys (stopProxyWindowsService): {}
01 Feb 13:32:24.828 INFO - Executing Command (am)(setupReplica): stopAdminWindowsService: Stopping admin service
01 Feb 13:32:24.828 INFO - Command Input Properties (stopAdminWindowsService): {serviceName=$N(ims.weblogic.domain.admin.windows.service.name)}
01 Feb 13:32:24.828 INFO - Command Output Property Keys (stopAdminWindowsService): {}
01 Feb 13:32:24.859 INFO - Executing Command (am)(setupReplica): ReadMasterPwd: Read Secret
01 Feb 13:32:24.859 INFO - Command Input Properties (ReadMasterPwd): {propertiesLocation=$I(rsa.install.location)/utils/etc}
01 Feb 13:32:24.859 INFO - Command Output Property Keys (ReadMasterPwd): {masterPassword=$R(rsa.master.password)}
01 Feb 13:32:24.984 ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Failed to generate properties.
at com.rsa.installfwrk.config.command.ReadSecretsCmd.execute(ReadSecretsCmd.java:206)
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
... 2 more
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Failed to load existing systemfields file
at com.rsa.installfwrk.config.command.ReadSecretsCmd.generateProperties(ReadSecretsCmd.java:320)
at com.rsa.installfwrk.config.command.ReadSecretsCmd.execute(ReadSecretsCmd.java:204)
... 3 more
Caused by: com.rsa.ims.security.keymanager.sys.InvalidPasswordException: Invalid password, failed to decrypt system key
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.c(PropertiesLoader.java:1624)
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.recoverSystemKey(PropertiesLoader.java:1353)
at com.rsa.installfwrk.config.command.ReadSecretsCmd.generateProperties(ReadSecretsCmd.java:246)
... 4 more
Caused by: com.rsa.ims.security.crypto.CryptoException: exception while decrypting
at com.rsa.ims.security.crypto.impl.jsafe.PBEKeyImpl.decrypt(PBEKeyImpl.java:236)
at com.rsa.ims.security.keymanager.sys.PasswordCipherProxyImpl.decrypt(PasswordCipherProxyImpl.java:89)
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.c(PropertiesLoader.java:1621)
... 6 more
Caused by: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at com.rsa.jsafe.JA_PKCS5Padding.performUnpadding(Unknown Source)
at com.rsa.jsafe.JG_BlockCipher.decryptFinal(Unknown Source)
at com.rsa.ims.security.crypto.impl.jsafe.PBEKeyImpl.decrypt(PBEKeyImpl.java:228)
... 8 more
01 Feb 13:32:24.984 ERROR - Configuration Failed
com.rsa.installfwrk.config.exception.ConfigurationException: Configuration Failed
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:38)
Caused by: com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Failed to generate properties.
at com.rsa.installfwrk.config.command.ReadSecretsCmd.execute(ReadSecretsCmd.java:206)
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
... 2 more
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Failed to load existing systemfields file
at com.rsa.installfwrk.config.command.ReadSecretsCmd.generateProperties(ReadSecretsCmd.java:320)
at com.rsa.installfwrk.config.command.ReadSecretsCmd.execute(ReadSecretsCmd.java:204)
... 3 more
Caused by: com.rsa.ims.security.keymanager.sys.InvalidPasswordException: Invalid password, failed to decrypt system key
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.c(PropertiesLoader.java:1624)
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.recoverSystemKey(PropertiesLoader.java:1353)
at com.rsa.installfwrk.config.command.ReadSecretsCmd.generateProperties(ReadSecretsCmd.java:246)
... 4 more
Caused by: com.rsa.ims.security.crypto.CryptoException: exception while decrypting
at com.rsa.ims.security.crypto.impl.jsafe.PBEKeyImpl.decrypt(PBEKeyImpl.java:236)
at com.rsa.ims.security.keymanager.sys.PasswordCipherProxyImpl.decrypt(PasswordCipherProxyImpl.java:89)
at com.rsa.ims.security.keymanager.sys.PropertiesLoader.c(PropertiesLoader.java:1621)
... 6 more
Caused by: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at com.rsa.jsafe.JA_PKCS5Padding.performUnpadding(Unknown Source)
at com.rsa.jsafe.JG_BlockCipher.decryptFinal(Unknown Source)
at com.rsa.ims.security.crypto.impl.jsafe.PBEKeyImpl.decrypt(PBEKeyImpl.java:228)
... 8 more



Error:
Replica Setup failed with exit code: 1
 

CauseThe correct passwords were entered during the entire Replication process however the Master password for the Replica was different from the Master password for the Primary.
ResolutionThe master password on the replicas must match the primary when attaching and for certain other operations. It can be changed on the replica to match the password on the Primary using the following command:

rsautil manage-secrets -a change master-password


Once it matches the primary, attachment can be attempted again.

Legacy Article IDa49708

Attachments

    Outcomes