000012849 - AM 7.1.2- Replica Radius server Configuration Failure -debug-

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000012849
Applies To: Authentication Manager 7.1.4; AM 7.1 SP4; Appliance 3.0.4
Replica Radius Server; RSA_Home\install\logs\configureRADIUSTRACE.log; RSA_Home\install\logs\config_trace.log.1
 

reveal radius shared secret reveal radius secret debug radius secret

Issue: How to configure a Primary or Replica Radius server. Successfully configure a replica Radius server.

Caused by: com.rsa.installfwrk.common.command.exception.CommandException: RemoteCommand: Unable to initialize IMSCommandProxy


 

com.rsa.installfwrk.config.exception.ConfigurationException: Configuration Failed
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:38)


Caused by: com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution

In some cases, when configuring the replica Radius server you will get the following:


Successfully configured RADIUS server


RADIUS Server Properties


Name: yourserver.FQDN


Type:


Status:


Note: The TYPE and STATUS will be blank, whereas in a successful configuration you will see the actual TYPE and STATUS of the Radius server you configured.


Invalid Replication Secret

Check the RSA_HOME/install/logs/config/ConfigureRadiusTrace.log for the following exception:


ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'rsa2.jsi.jc.com' not found.
at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.registerRadiusServer(RegisterRadiusServerAdministrationImpl.java:190)
at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand$Executive.execute(RegisterRadiusServerCommand.java:207)
at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.performExecute(RegisterRadiusServerCommand.java:106)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:75)
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$101(LocalTransactionalCommandTarget.java:45)
at com.rsa.ims.command.LocalTransactionalCommandTarget$1.doInTransaction(LocalTransactionalCommandTarget.java:193)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:186)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:543)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:520)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:400)
at com.rsa.command.CommandServerEngine.execute(CommandServerEngine.java:307)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:250)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:161)
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:174)
at com.rsa.command.CommandServerBean.executeFrameworkManagedTx(CommandServerBean.java:136)
at com.rsa.command.CommandServer_qt4u4w_EOImpl.executeFrameworkManagedTx(CommandServer_qt4u4w_EOImpl.java:62)
at com.rsa.command.CommandServer_qt4u4w_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread
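In a trace like the one above, the line that matters is the last "Caused by:". The following added example (not RSA code) walks the chain in ConfigureRadiusTrace.log and returns the innermost cause and the replication host it names; the function names are hypothetical and the sample trace is abridged from the lines shown in this article.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: abridged from the trace shown in this article.
SAMPLE_TRACE = """\
ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'rsa2.jsi.jc.com' not found.
at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
"""

class Cause(NamedTuple):
    exception: str              # fully qualified exception class
    message: str                # text after "Class: "
    first_frame: Optional[str]  # topmost "at ..." frame below this header

# Exception header, with or without the "Caused by: " prefix.
HEADER = re.compile(r"^(?:Caused by: )?([A-Za-z_][\w.$]*(?:Exception|Error)): (.*)$")
NOT_FOUND = re.compile(r"^Replication server '([^']+)' not found\.?$")

def cause_chain(trace_text: str) -> List[Cause]:
    """Return every exception in the trace, outermost first."""
    chain: List[Cause] = []
    for raw in trace_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            chain.append(Cause(m.group(1), m.group(2), None))
        elif line.startswith("at ") and chain and chain[-1].first_frame is None:
            chain[-1] = chain[-1]._replace(first_frame=line[3:])
    return chain

def root_cause(trace_text: str) -> Optional[Cause]:
    """The innermost 'Caused by' is the failure that started the chain."""
    chain = cause_chain(trace_text)
    return chain[-1] if chain else None

def replication_host(cause: Optional[Cause]) -> Optional[str]:
    """Host named in a 'Replication server ... not found' message, if any."""
    m = NOT_FOUND.match(cause.message) if cause else None
    return m.group(1) if m else None

if __name__ == "__main__":
    rc = root_cause(SAMPLE_TRACE)
    print(rc.exception, "|", rc.message, "| host:", replication_host(rc))
```

The host name returned by replication_host() is the one to check for name resolution before moving on to the replication secret.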


 


Invalid primary replication secret was provided
RSA_HOME\radiusoc\configutil unconfigure radius returns "you need to be connected to a running server to execute this command". See a42984.
RSA RADIUS Server Operations Console service will not start - RSA RADIUS Server Operations Console service won't start - RSA RADIUS Server Ops Console service
winsvc.log [E] [ServiceStart] Error in JVM. Cause=Unable to open 'D:/PROGRA~2/RSASEC~1/RSAAUT~1/appserver/jdk\jre\lib\ia64\jvm.cfg'  <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:  weblogic.management.configuration.ConfigurationException: D:\Program Files\RSA Security\RSA Authentication Manager\radiusoc\config\config.xml not found
<Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>  [Mon Apr 16 18:10:53 2012] [I] [ExitHandler] Fire (-1)
<Server state changed to FAILED>
 
Cause: The configuration fails because of an incorrect Replication Secret. Call RSA Customer Support to get the Debug utilities to read the actual replication secret set during the configuration of the Primary Radius server.

You will need a debug utility to read the actual replication secret used when the Primary Radius server was configured. Call RSA Customer Support at 800-995-5095 to get the Debug utilities.


- Copy the "debug" folder into the RSA_HOME/config directory.


- On the Primary server, from a command line, cd to the RSA_HOME/config directory and run the following command:


For Windows: configutil configure debug rsa.radius.server.secret


For Unix/Linux: ./configUtil.sh configure debug rsa.radius.server.secret  (Note: make sure that the proper permissions are set on the debug folder)


The output will end with the following:


rsa.radius.server.secret=[rsa123]


Configuration complete
Exiting...


The replication secret used to configure the Primary Radius server is [rsa123] without the brackets. Use the replication secret from the debug output to configure the replica Radius server.

Resolution: If name resolution is correct, reset the system fingerprint for both SecurID and Radius:
From a CMD prompt, cd RSA_HOME
cd utils
rsautil manage-secrets -a recover
Master Password:
cd ..\radiusoc\utils
rsautil manage-secrets -a recover
Radius Master Password:                      (should be the same as the Master Password. Special characters in the password might cause a problem.)
Next, rebalance Agent Hosts. If that does not fix the problem, try the debug procedure from the Cause section above.
As a last resort, try this risky fix before re-installing SP4 (see a42984):
From a Command prompt
1.    cd RSA_Home\config
2.    configutil unconfigure radius
3.    <confirm that RSA RADIUS OC service is no longer in Windows Services>
4.    configutil configure radius
5.    <wait - until RSA RADIUS OC Service shows in Services>
6.    May not need to do the rest of this:
7.    Mark/Select the output from the configure radius command, paste it into Wordpad, and search for    RADIUS OS user
8.    The line will look something like this: RADIUS OS user RadiusQwFKXOva has password y9Ml13jahi-$$,
       a.    Carefully select and copy the 14 character password, including any commas, e.g. y9Ml13jahi-$$,
       b.    Go to Windows Computer Management - Users, find the Radius User, e.g. RadiusQwFKXOva, and click Set Password.  Paste in   y9Ml13jahi-$$,
9.    Try Operations Console - RADIUS - Manage Existing.  If none, try RADIUS - Configure Server
If this does not work, un-install and re-install AM 7.1 SP4 and patches.
If the RSA_HOME/install/logs/config/ConfigureRadiusTrace.log indicates an issue with communication to the primary, make certain that 1812 TCP (RADIUS Replication Port) and 7002 TCP are listening between primary and replica. The log should indicate which ports represent the issue with communication. If these are not listening on the primary, try restarting AM services on the primary and try again.
Notes: RADIUS_debug.zip
Legacy Article ID: a51679
