000013087 - Replica fails to attach to the RSA Authentication Manager 8.1 primary instance

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013087
Applies ToRSA Authentication Manager 8.1 (virtual appliance), AM 8.1, AM 8.x attach replica, replica attach,
IssueAttaching a replica to the RSA Authentication Manager 8.1 primary instance
Exception in thread "Main Thread" com.rsa.ims.security.keymanager.sys.SystemFingerprintException: The user name specified does not have a password assigned to it
 at com.rsa.ims.security.lockbox.crypto.d.d(d.java:162)
 at com.rsa.ims.security.lockbox.crypto.d.b(d.java:43)
 at com.rsa.ims.security.lockbox.b.recoverSystemKey(b.java:431)
 at com.rsa.ims.security.keymanager.sys.FieldsManager$recoverSystemKey.call(Unknown Source) reported by appliance_setuplogs/install_logs/config/config.sh_Appliance_configureReplica_yyyymmddhhmmss.log
Replica Attachement Status; Configuring replica instance and Starting Services has a Task Status Failed.
CauseThe user name specificed in the error message refers to the Operations Console account and it failed to expand and decrypt a zip file provided by the primary instance.

The following steps will reset an Operations Console administrative account, recover the finger print at the command line using the same Operations Console administrative account and generate a new replica package for the replica to use in the attach process.


After generating a replica package enter the replica URL (e.g. https://am81r.local.net) and enter the access code, provided on the local console. Click the link to setup a replica and configure the replica.


Refer to Step 5 (page 7) found in the RSA Authentication Manager 8.1 Virtual Appliance Getting Started  for the procedure of setting up a replica instance.


Resetting the Operations Console administrative account


Logon to the primary Security Console with an administrative account > Administration > Manage OC Administrators - click Change Password on the Operation Console User ID to change and confirm the change of password.


Recover the Fingerprint


Using an SSH session (or the local console) logon to the RSA Authentication Manager 8.1 primary with the 'rsaadmin' account.


Use this command to recover the finger print : /opt/rsa/am/utils/rsautil manage-secrets -a recover ?u <OC_admin> - p <OC_password>


** substitute the <OC_admin> with the Operations Console administrative account User ID where the password was reset and substitute the <OC_password> with the password **






rsaadmin@am81p:~> /opt/rsa/am/utils/rsautil manage-secrets -a recover -u ocadmin -p RSApass!


Machine fingerprint restored successfully.






Note: putting single ticks '  '  around the password on the command line will escape any Special character interpretation, e.g.  -p 'RSApass!'   

While this example password would not be a problem, it is recommended to use the single ticks to be on the safe side, or leave the -p option off the command line and enter the password at the prompt


Generate a Replica Package


Logon to the primary Operations Console with the Operations Console administrative account > Deployment Configuration >Instances > Generate Replica Package - Download  replica_package.zip


This new replica_package.zip must be used during the attach process of the replica instance.


Please contact RSA Customer Support where this process does not work for further assistance.

Legacy Article IDa67584