000013455 - 'Needs Action' or 'Gathering Data -- Please wait 60 seconds' for the Data Transfer Status in the RSA Operations Console of the primary (or Replica) for the Replication Status Report

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013455
Applies ToRSA Authentication Manager 7.1 Service Pack 4 or greater
RSA SecurID Appliance 3.0 Service Pack 4 or greater
7.1 start stop scripts
Issue

'Needs Action' or 'Gathering Data -- Please wait 60 seconds' for the Data Transfer Status in the RSA Operations Console of the primary (or Replica) for the Replication Status Report


replication is working from the primary to the replica but fails from the replica to the primary
ORA-12545: Connect failed because target host or object does not exist
REPLICATION_DBLINK_ERROR
Causename resolution from the replica to the primary failed
Resolution

RSA Authentication Manager 7.1 software relies on forward and reverse lookup of the fully-qualified hostname. The connection between the authentication manager internal databases for replication also relies on forward and reverse lookup of the fully-qualified hostname.


 


Please read chapter 1: Preparing for Installation (page 32) of the RSA Authentication Manager 7.1 Installation and Configuration Guide (revision 2) with regards to forward and reverse lookup from each primary and replica instance in the deployment.


 


Ensuring Name Resolution by using the local Hosts file


 



  

 


  

1.


  

  

 


  

Stop the RSA Authentication Manager 7.1 services


  

 


  

On Windows the following script can be used:


  

     

net stop rsaam


     

REM net stop rsaam_ps


     

net stop rsaam_adm


     

net stop rsaam_nm


     

net stop rsaam_oc


     

net stop radius_oc


     

net stop "Steel-Belted Radius"


     

call rsaenv.cmd


     

net stop rsaam_db_instance


     

net stop OracleService%ORACLE_SID%


     

net stop OracleRSATNSListener%ORACLE_SID%


     

pause


     

  

 


  

On UNIX perform the following:


  

i)              Navigate to the <AMHOME>/server folder


  

ii)             Use the ?./rsaam stop all? command


  

 


  

** where <AMHOME> on a supported UNIX platform and SecurID Appliance 3.0 is the /usr/local/RSASecurity/RSAAuthenticationManager folder **


  

 


  

  

 


  

2.


  

  

 


  

Update the local hosts file of the authentication manager(s) to have the primary and replica(s) IP address, fully-qualified hostname and alias (usually the short hostname)


  

 


  

e.g.


  

     

192.168.15.23      primary.corp.net        primary


     

192.168.15.45      replica01.corp.net      replica01


     

192.168.23.56      replica02.corp.net      replica02


     

  

 


  

On Windows the local hosts file is located in the %systemroot%\system32\drivers\etc folder and on UNIX the /etc folder.


  

 


  

  

 


  

3.


  

  

 


  

Start the RSA Authentication Manager 7.1 services


  

 


  

On Windows the following script can be used:


  

     

call rsaenv.cmd


     

net start OracleRSATNSListener%ORACLE_SID%


     

net start OracleService%ORACLE_SID%


     

net start rsaam_db_instance


     

net start rsaam_nm


     

net start rsaam_adm


     

REM net start rsaam_ps


     

net start rsaam


     

net start "Steel-Belted Radius"


     

net start radius_oc


     

net start rsaam_oc


     

pause


     

  

 


  

On UNIX perform the following:


  

i)              Navigate to the <AMHOME>/server folder


  

ii)             Use the ?./rsaam start all? command


  

 


  

** where <AMHOME> on a supported UNIX platform and SecurID Appliance 3.0 is the /usr/local/RSASecurity/RSAAuthenticationManager folder **


  

 


  

 


  

 


 


Nudging Replication (after first checking name resolution thoroughly)


 


1) Disable replication on the primary [Note, do not Pause Replication in AM 7.1 SP4]


 


2) Disable replication on the replica


 


3) Enable replication on the primary [Note, do not Pause Replication in AM 7.1 SP4, so no need to resume]


 


4) Enable replication on the replica


 


...depending on the number of days replication has failed you may need to perform this operation a second time and be patient while the database sorts out any back log of data.


 



  

 


  

At the command prompt navigate to the <AMHOME>/utils folder to run these commands:


  

 


  

** where <AMHOME> by default on a supported UNIX platform and an RSA SecurID Appliance is the /usr/local/RSASecurity/RSAAuthentcationManager folder and by default on a supported Windows platform is the C:\Program Files\RSA Security\RSA Authentication Manager folder **


  

 


  

DISABLE replication command[Note, do not Pause Replication in AM 7.1 SP4]


  

rsautil manage-rep-error -a run-script -o disable-rep.sql (primary and replica)


  

 


  

ENABLE replication command


  

rsautil manage-rep-error -a run-script -o enable-rep.sql (primary and replica)


  

 


  

 


NOTE: these commands will require knowledge of the Master Password.


 


Here is an example where these commands were used on RSA SecurID Appliances (primary and one replica):


 



  

On the Primary


  

 


  

Disable replication


  

  

 


  

login as: emcsrv
   emcsrv@10.32.28.36's password:
   Last login: Thu Oct 27 09:22:41 2011 from 192.68.17.65


  

-bash-3.00$ sudo su root


  

Password:


  

[root@app30410p /]# su rsaadmin


  

bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/utils


  

[Note, do not Pause Replication in AM 7.1 SP4]


  

 


  

 


  

bash-3.00$ ./rsautil manage-rep-error -a run-script -o disable-rep.sql


  

Enter master password: ***********


  

 


  

Manage Replication Error __IMS__VERSION__


  

Copyright (C) 2006 RSA Security Inc. All rights reserved.


  

 


  

%% running at: app30410p.bellnet.local:[unhcflnq] %%


  

 


  

 


  

 


  

Connected.


  

****************************************************************


  

*     Start turning off the replication for all Apply Processes


  

*      Start turning off the replication for all Apply Processes


  

**    Turning off the Apply Process RSA_STREAMS_APPLY_2


  

*     Turning off the Apply Process RSA_STREAMS_LOG_APPLY_2


  

*     Turning off the Apply Process RSA_STREAMS_APPLY_3


  

*     Turning off the Apply Process RSA_STREAMS_LOG_APPLY_3


  

**    Turning off the replication is completed successfully


  

****************************************************************


  

Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

With the Partitioning, Data Mining and Real Application Testing options


  

 


  

Done...


  

 


  

bash-3.00$


  

 


  

  

On the Replica


  

 


  

Disable Replication


  

  

 


  

login as: emcsrv
   emcsrv@10.32.28.36's password:
   Last login: Thu Oct 27 09:22:41 2011 from 192.68.17.65


  

-bash-3.00$ sudo su root


  

Password:


  

[root@app30410p /]# su rsaadmin


  

bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/utils


  

bash-3.00$ ./rsautil manage-rep-error -a run-script -o disable-rep.sql


  

Enter master password: ***********


  

 


  

Manage Replication Error __IMS__VERSION__


  

Copyright (C) 2006 RSA Security Inc. All rights reserved.


  

 


  

%% running at: app30410r.bellnet.local:[f5sgfvaq] %%


  

 


  

 


  

 


  

Connected.


  

****************************************************************


  

*     Start turning off the replication for all Apply Processes


  

**    Turning off the Apply Process RSA_STREAMS_APPLY_1


  

**    Turning off the replication is completed successfully


  

****************************************************************


  

Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

With the Partitioning, Data Mining and Real Application Testing options


  

 


  

Done...


  

 


  

bash-3.00$


  

 


  

  

On the Primary


  

 


  

Enable Replication


  

 


  

  

 


  

bash-3.00$ ./rsautil manage-rep-error -a run-script -o enable-rep.sql


  

Enter master password: ***********


  

 


  

Manage Replication Error __IMS__VERSION__


  

Copyright (C) 2006 RSA Security Inc. All rights reserved.


  

 


  

%% running at: app30410p.bellnet.local:[unhcflnq] %%


  

 


  

 


  

 


  

Connected.


  

*******************************************************************


  

*    Start turning on the replication for all Replication Processes


  

*    Start turning on the replication for all Replication Processes


  

**    Turning on the Apply Process RSA_STREAMS_APPLY_2


  

*     Turning on the Apply Process RSA_STREAMS_LOG_APPLY_2


  

*     Turning on the Apply Process RSA_STREAMS_APPLY_3


  

*     Turning on the Apply Process RSA_STREAMS_LOG_APPLY_3


  

*     Turning on the Capture Process RSA_STREAMS_CAPTURE


  

**    Turning on the replication is completed successfully


  

*******************************************************************


  

Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

With the Partitioning, Data Mining and Real Application Testing options


  

 


  

Done...


  

bash-3.00$


  

 


  

  

On the Replica


  

 


  

Enable Replication


  

  

 


  

bash-3.00$ ./rsautil manage-rep-error -a run-script -o enable-rep.sql


  

Enter master password: ***********


  

 


  

Manage Replication Error __IMS__VERSION__


  

Copyright (C) 2006 RSA Security Inc. All rights reserved.


  

 


  

%% running at: app30410r.bellnet.local:[f5sgfvaq] %%


  

 


  

 


  

 


  

Connected.


  

*******************************************************************


  

*    Start turning on the replication for all Replication Processes


  

**    Turning on the Apply Process RSA_STREAMS_APPLY_1


  

**    Turning on the replication is completed successfully


  

*******************************************************************


  

Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

With the Partitioning, Data Mining and Real Application Testing options


  

 


  

Done...


  

 


  

bash-3.00$


  

 


  

  

On the Primary & Replica


  

 


  

 


  

  

 


  

bash-3.00$ ./rsautil manage-database -a exec-sql -U com.rsa.replication.admin -f diagnostics/primary_replication_status.sql


  

Enter Master password: ***********


  

 


  

Manage Database ims-2.0.4-build20111004160151


  

Copyright (C) 2010 RSA Security Inc. All rights reserved.


  

 


  

%% Running at: app30410p.bellnet.local:[unhcflnq] %%


  

 


  

===========================================


  

%             Execute SQL                %


  

===========================================


  

Are you sure you want to execute the SQL file [diagnostics/primary_replication_status.sql] ? (Y/N): y


  

.


  

.SQL*Plus: Release 10.2.0.5.0 - Production on Thu Dec 1 11:27:11 2011


  

.


  

.Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.


  

.


  

.


  

.Connected to:


  

.Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

.With the Partitioning, Data Mining and Real Application Testing options


  

.


  

.ENABLED


  

11:27:12 : capture_name => RSA_STREAMS_CAPTURE


  

.capture_status => ENABLED


  

.capture_state => CAPTURING CHANGES


  

.capture_error =>


  

.capture_time => 01-12-2011 11:27:12 AM


  

.used_arc_log_size => 2653


  

.max_arc_log_size => 102400


  

.min_arc_log_time => 22-11-2011 03:00:36 PM


  

.local_utc_time => 01-12-2011 12:27:12 AM +11:00


  

.remote_site_name => app30410r.bellnet.local


  

11:27:12 : link_name => F5SGFVAQ.IMS.RSA


  

.link_status => ENABLED


  

.link_error =>


  

.remote_utc_time => 01-12-2011 12:27:09 AM +11


  

.remote_capture_status => ENABLED


  

.remote_capture_state => CAPTURING CHANGES


  

.remote_capture_error =>


  

.remote_capture_time => 01-12-2011 11:27:09 AM


  

.remote_used_log_size => 2080


  

.remote_max_log_size => 102400


  

.remote_min_log_time => 22-11-2011 11:30:03 AM


  

.local_propagation_status => ENABLED


  

.local_propagation_error =>


  

.local_propagation_num_msgs => 157


  

.remote_propagation_status => ENABLED


  

 


  

Error: remote_propagation_error =>


  

 Done...


  

 


  

bash-3.00$ ./rsautil manage-data -a exec-sql -f diagnostics/IMS_RepErrorRpt.sql -A error_instance.html -U com.rsa.replication.admin


  

Enter Master password: ***********


  

 


  

Manage Database ims-2.0.4-build20111004160151


  

Copyright (C) 2010 RSA Security Inc. All rights reserved.


  

 


  

%% Running at: app30410p.bellnet.local:[unhcflnq] %%


  

 


  

===========================================


  

%             Execute SQL                %


  

===========================================


  

Are you sure you want to execute the SQL file [diagnostics/IMS_RepErrorRpt.sql] ? (Y/N): y


  

.


  

.SQL*Plus: Release 10.2.0.5.0 - Production on Thu Dec 1 11:29:14 2011


  

.


  

.Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.


  

.


  

.


  

.Connected to:


  

.Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

.With the Partitioning, Data Mining and Real Application Testing options


  

.


  

.****************************************************************


  

.*


  

.*


  

.* The report error_instance.html is generated successfully, thanks


  

.*


  

.*


  

.*


  

.****************************************************************


  

.Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production


  

.With the Partitioning, Data Mining and Real Application Testing options


  

 


  

Done...


  

 


  

bash-3.00$


  

 


  

NOTE: report error_instance.html will report errors if there are any issues with the replication queues


  

 


  

 


 


Firewall ports


 



  

 


  

If there is a firewall in-between the primary and replica here is a list for the firewall ports required (bi-directional):


  

 


  

UDP 1645 RSA AM71 RADIUS (legacy)


  

UDP 1812 RSA AM71 RADIUS


  

UDP 1646 RSA AM71 RADIUS accounting (legacy)


  

TCP 1812 RSA AM71 TCP RADIUS admin


  

TCP 1813 RSA AM71 TCP RADIUS admin


  

TCP 2334 RSA AM71 Oracle replication


  

UDP 5500 RSA AM71 Authentication


  

TCP 7002 RSA AM71 Auth Manager admin (used for replica RADIUS update in the AM database)


  

 


  

..here are the remaining RSA Authentication Manager ports:


  

 


  

TCP 5550 RSA AM71 Agent auto-registration


  

TCP 5556 RSA AM71 Node manager


  

TCP 5580 RSA AM71 Offline authentication service


  

TCP 7004 RSA AM71 Proxy load balancer


  

TCP 7006 RSA AM71 Admin server admin channel (internal)


  

TCP 7008 RSA AM71 Admin server (internal)


  

TCP 7012 RSA AM71 Auth Manager admin (internal)


  

TCP 7014 RSA AM71 Proxy server admin (internal)


  

TCP 7022 RSA AM71 Trusted realms (SSL)


  

TCP 7071 RSA AM71 Operations Console (non-SSL)


  

TCP 7072 RSA AM71 Operations Console (SSL)


  

 


  

 


NOTE: a last resort would be to delete the replica from the primary using the replicas RSA Operations Console, generate a replica package and attach the replica back to the primary. This action should not be performed unless advised by RSA Customer Support.


 


 

Notes[Note, do not Pause Replication in AM 7.1 SP4, Pausing stops replication to all replicas, and is very risky that replication will not resume]
Pausing replication was useful in SP2, but it is not recommended at all in SP4 - Jay G.
Legacy Article IDa56699

Attachments

    Outcomes