000032697 - Unable to attach an Authentication Manager 8.1 replica instance due to an error enabling replication for the SBR server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032697
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
Platform (Other): SUSE Linux 11 SP3
 
IssueIn this instance, the database was migrated to a new Authentication Manager 8.1 primary instance from Authentication Manager 7.1.  Attaching a replica to the primary instance fails while configuring replica instance.
User-added image

Note that there are DNS entries and the names are resolved  in both forward and reverse lookup.   There is also a correct replica instance detail in primary hosts file.
There is no failure in the primary instance's configuration log, located in /opt/rsa/am//install_logs/config/config.sh_SetupPrimary_attachReplica_<time_stamp>.log
Configuration step SetupPrimary:attachReplica [SUCCESS]

An error shows in the replica instance's /opt/rsa/am//install_logs/config/config.sh_Appliance_configureReplica_<time_stamp>.log, seen here:
77805  2016-03-07 14:50:34,443 FATAL: Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
77822  2016-03-07 14:50:34,460 FATAL:
Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
java.lang.AssertionError: Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:282)
at com.rsa.plugins.install.CommandLineInstallEngine$fail.call(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:31)
at com.rsa.plugins.install.GroovyInstallEngine$_buildScriptEnvironment_closure5.doCall(GroovyInstallEngine.groovy:159)
at RadiusOCConfig.enableRADIUSServerReplication(RadiusOCConfig.groovy:562)
at RadiusOCConfig$enableRADIUSServerReplication.call(Unknown Source)
at SetupReplica$_configureAndAttachReplicaRadiusOnReplicaInstance_closure1.doCall(SetupReplica.groovy:152)
at SetupReplica$_configureAndAttachReplicaRadiusOnReplicaInstance_closure1.doCall(SetupReplica.groovy)
at RadiusOCConfig.runWithVerboseLogging(RadiusOCConfig.groovy:208)
at RadiusOCConfig$runWithVerboseLogging.call(Unknown Source)
at SetupReplica.configureAndAttachReplicaRadiusOnReplicaInstance(SetupReplica.groovy:151)
at SetupReplica$configureAndAttachReplicaRadiusOnReplicaInstance.callCurrent(Unknown Source)
at SetupReplica.configureReplica(SetupReplica.groovy:58)
at SetupReplica$configureReplica.call(Unknown Source)
at Appliance.configureReplica(Appliance.groovy:29)
at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68)
at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
Exception in thread "Main Thread" java.lang.AssertionError:
Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:287)
at com.rsa.plugins.install.CommandLineInstallEngine$fail$0.call(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:35)
at com.rsa.plugins.install.GroovyInstallEngine$fail.callCurrent(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:88)
at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
Configuration step Appliance:configureReplica [FAILED]

CauseThe cause was unknown but the connecting RADIUS was exhausted possibly due to the RADIUS configuration being modified or altered for some reason.
ResolutionThis can be corrected by configuring RADIUS again by running the following command on the primary and restarting RADIUS.
  1. Navigate to /opt/rsa/am/config.
  2. Run the following command.  Note that you will be prompted to enter the password for the rsaadmin user.
rsaadmin@am81p:/opt/rsa/am/config> ./config.sh RadiusOCConfig.configure
0      2016-10-24 09:11:58,412 INFO: One of the dependencies dirs doesn't exist: thirdparty
13     2016-10-24 09:11:58,425 INFO: One of the dependencies dirs doesn't exist: ../common-platform/thirdparty
17     2016-10-24 09:11:58,429 INFO: Arguments: [RadiusOCConfig.configure]
1063   2016-10-24 09:11:59,475 INFO: Script source dir: /opt/rsa/am/config/src/scripts
1063   2016-10-24 09:11:59,475 INFO: Patch Script source dir: null
1236   2016-10-24 09:11:59,648 INFO: Reading configuration from Config.groovy
2118   2016-10-24 09:12:00,530 INFO: Running task RadiusOCConfig.configure
3994   2016-10-24 09:12:02,406 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin stop radius on command line
6201   2016-10-24 09:12:04,613 INFO: Return code: 0: 
6201   2016-10-24 09:12:04,613 INFO: Output: radius state is running
waiting for radius
radius stopped
7110   2016-10-24 09:12:05,522 INFO: Configuring SBR as PRIMARY RADIUS Server
7248   2016-10-24 09:12:05,660 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin start radius on command line
7672   2016-10-24 09:12:06,084 INFO: Return code: 0: 
7672   2016-10-24 09:12:06,084 INFO: Output: radius state is stopped
RADIUS: Process ID of daemon is 21354
radius started
7686   2016-10-24 09:12:06,098 INFO: Checking XUI Connection...
12955  2016-10-24 09:12:11,367 INFO: Retrying timer 5276 ms
12956  2016-10-24 09:12:11,368 INFO: Checking XUI Connection...
15139  2016-10-24 09:12:13,551 INFO: Executing free
15596  2016-10-24 09:12:14,008 INFO: Total Memory: 8194240 KB
15607  2016-10-24 09:12:14,019 INFO: Using memory category 8GB
16463  2016-10-24 09:12:14,875 INFO: SSL cert provision was successful
16463  2016-10-24 09:12:14,875 INFO: Bounce the RADIUS server and access the following http url to see the new cert
16463  2016-10-24 09:12:14,875 INFO: https://am81p.vcloud.local:1813/reports/serverStatus/
Successfully provisoned RSA license to SBR server
16691  2016-10-24 09:12:15,103 INFO: License Provision succeeded
16693  2016-10-24 09:12:15,105 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin stop radius on command line
19910  2016-10-24 09:12:18,322 INFO: Return code: 0: 
19910  2016-10-24 09:12:18,322 INFO: Output: radius state is running
waiting for radius
radius stopped
19912  2016-10-24 09:12:18,324 INFO: Making a copy of radius data files at /opt/rsa/am/radius/empty_database_files
     [copy] Copying 6 files to /opt/rsa/am/radius/empty_database_files
19990  2016-10-24 09:12:18,402 INFO: Making a copy of radius certificate files at /opt/rsa/am/radius/ROOT/backup
19998  2016-10-24 09:12:18,410 INFO: 
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                #                               #
                # Enter your user password to   #
                # continue.                     #
                #                               #
                # Your user account must be in  #
                # the /etc/sudoers file first.  #
                #                               #
                #                               #
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                ########### ATTENTION ###########
rsaadmin's password:  <enter operating system user password>
     [exec] Valid RADIUS directory location is provided for ownership change
     [exec] Valid RADIUS directory location is provided for ownership change
     [exec] Valid RADIUS directory location is provided for ownership change
Configuration step RadiusOCConfig.configure [SUCCESS]
rsaadmin@am81p:/opt/rsa/am/config> 

  1. When the command completes, navigate to /opt/rsa/am/server/ and restart RADIUS:
rsaadmin@am81p:/opt/rsa/am/config> cd ../server
rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv start radius
RSA Database Server                                        [RUNNING] Starting RSA Administration Server with Operations Console:
Starting RSA Database Server:
RSA Administration Server with Operations Console          [RUNNING]
Starting RSA RADIUS Server Operations Console:
RSA RADIUS Server Operations Console                       [RUNNING]
Starting RSA Runtime Server: *
RSA Runtime Server                                         [RUNNING]
Starting RSA RADIUS Server: *
RSA RADIUS Server                                          [RUNNING]
rsaadmin@am81p:/opt/rsa/am/server>
NotesCheck if the Operations Console administrators and/or Security Console superadmin users have special characters such as @, ~, &, or $ in the middle of their credentials.

Attachments

    Outcomes