000032697 - Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 8, 2020
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000032697
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

 
IssueAttaching a replica to the primary RSA Authentication Manager instance fails while configuring replica instance, as shown below:
 
User-added image


  • There are DNS entries and the names are resolved in both forward and reverse lookup. There is also a correct replica instance detail in primary hosts file.
  • There is no failure in the primary instance's configuration log, located in /opt/rsa/am//install_logs/config/config.sh_SetupPrimary_attachReplica_<time_stamp>.log:


Configuration step SetupPrimary:attachReplica [SUCCESS]


  • An error shows in the replica instance's /opt/rsa/am//install_logs/config/config.sh_Appliance_configureReplica_<time_stamp>.log, seen here:


77805  2016-03-07 14:50:34,443 FATAL: Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
77822  2016-03-07 14:50:34,460 FATAL:
Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
java.lang.AssertionError: Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:282)
at com.rsa.plugins.install.CommandLineInstallEngine$fail.call(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:31)
at com.rsa.plugins.install.GroovyInstallEngine$_buildScriptEnvironment_closure5.doCall
(GroovyInstallEngine.groovy:159)
at RadiusOCConfig.enableRADIUSServerReplication(RadiusOCConfig.groovy:562)
at RadiusOCConfig$enableRADIUSServerReplication.call(Unknown Source)
at SetupReplica$_configureAndAttachReplicaRadiusOnReplicaInstance_closure1.doCall(SetupReplica.groovy:152)
at SetupReplica$_configureAndAttachReplicaRadiusOnReplicaInstance_closure1.doCall(SetupReplica.groovy)
at RadiusOCConfig.runWithVerboseLogging(RadiusOCConfig.groovy:208)
at RadiusOCConfig$runWithVerboseLogging.call(Unknown Source)
at SetupReplica.configureAndAttachReplicaRadiusOnReplicaInstance(SetupReplica.groovy:151)
at SetupReplica$configureAndAttachReplicaRadiusOnReplicaInstance.callCurrent(Unknown Source)
at SetupReplica.configureReplica(SetupReplica.groovy:58)
at SetupReplica$configureReplica.call(Unknown Source)
at Appliance.configureReplica(Appliance.groovy:29)
at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68)
at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
Exception in thread "Main Thread" java.lang.AssertionError:
Error enabling replication for SBR server '<ReplicaInstanceFQDN>'
at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:287)
at com.rsa.plugins.install.CommandLineInstallEngine$fail$0.call(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:35)
at com.rsa.plugins.install.GroovyInstallEngine$fail.callCurrent(Unknown Source)
at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:88)
at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
Configuration step Appliance:configureReplica [FAILED]

CauseIdentifying the root cause will be challenging, but the connecting RADIUS was exhausted, possibly due to the RADIUS configuration being modified or altered for some reason.
ResolutionThis can be corrected by configuring RADIUS again by running the following command on the primary and restarting RADIUS.
  1. Launch an SSH client, such as PuTTY.
  2. Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to login.



  1. Navigate to /opt/rsa/am/config.
  2. Run the following command.  Note that you will be prompted to enter the password for the rsaadmin user.


login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Wed Jan  8 13:53:21 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/config>
rsaadmin@am81p:/opt/rsa/am/config> ./config.sh RadiusOCConfig.configure
0      2016-10-24 09:11:58,412 INFO: One of the dependencies dirs doesn't exist: thirdparty
13     2016-10-24 09:11:58,425 INFO: One of the dependencies dirs doesn't exist: ../common-platform/thirdparty
17     2016-10-24 09:11:58,429 INFO: Arguments: [RadiusOCConfig.configure]
1063   2016-10-24 09:11:59,475 INFO: Script source dir: /opt/rsa/am/config/src/scripts
1063   2016-10-24 09:11:59,475 INFO: Patch Script source dir: null
1236   2016-10-24 09:11:59,648 INFO: Reading configuration from Config.groovy
2118   2016-10-24 09:12:00,530 INFO: Running task RadiusOCConfig.configure
3994   2016-10-24 09:12:02,406 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin stop radius on command line
6201   2016-10-24 09:12:04,613 INFO: Return code: 0: 
6201   2016-10-24 09:12:04,613 INFO: Output: radius state is running
waiting for radius
radius stopped

7110   2016-10-24 09:12:05,522 INFO: Configuring SBR as PRIMARY RADIUS Server
7248   2016-10-24 09:12:05,660 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin start radius on command line
7672   2016-10-24 09:12:06,084 INFO: Return code: 0: 
7672   2016-10-24 09:12:06,084 INFO: Output: radius state is stopped
RADIUS: Process ID of daemon is 21354
radius started

7686   2016-10-24 09:12:06,098 INFO: Checking XUI Connection...
12955  2016-10-24 09:12:11,367 INFO: Retrying timer 5276 ms
12956  2016-10-24 09:12:11,368 INFO: Checking XUI Connection...
15139  2016-10-24 09:12:13,551 INFO: Executing free
15596  2016-10-24 09:12:14,008 INFO: Total Memory: 8194240 KB
15607  2016-10-24 09:12:14,019 INFO: Using memory category 8GB
16463  2016-10-24 09:12:14,875 INFO: SSL cert provision was successful
16463  2016-10-24 09:12:14,875 INFO: Bounce the RADIUS server and access the following http url to see the new cert
16463  2016-10-24 09:12:14,875 INFO: https://am81p.vcloud.local:1813/reports/serverStatus/
Successfully provisoned RSA license to SBR server
16691  2016-10-24 09:12:15,103 INFO: License Provision succeeded
16693  2016-10-24 09:12:15,105 INFO: Executing /opt/rsa/am/radius/radiuswrapper.bin stop radius on command line
19910  2016-10-24 09:12:18,322 INFO: Return code: 0: 
19910  2016-10-24 09:12:18,322 INFO: Output: radius state is running
waiting for radius
radius stopped

19912  2016-10-24 09:12:18,324 INFO: Making a copy of radius data files at /opt/rsa/am/radius/empty_database_files
     [copy] Copying 6 files to /opt/rsa/am/radius/empty_database_files
19990  2016-10-24 09:12:18,402 INFO: Making a copy of radius certificate files at /opt/rsa/am/radius/ROOT/backup
19998  2016-10-24 09:12:18,410 INFO: 
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                #                               #
                # Enter your user password to   #
                # continue.                     #
                #                               #
                # Your user account must be in  #
                # the /etc/sudoers file first.  #
                #                               #
                #                               #
                ########### ATTENTION ###########
                ########### ATTENTION ###########
                ########### ATTENTION ###########
rsaadmin's password:  <enter operating system password>
     [exec] Valid RADIUS directory location is provided for ownership change
     [exec] Valid RADIUS directory location is provided for ownership change
     [exec] Valid RADIUS directory location is provided for ownership change
Configuration step RadiusOCConfig.configure [SUCCESS]


  1. When the command completes, navigate to /opt/rsa/am/server/ and restart RADIUS:


rsaadmin@am81p:/opt/rsa/am/config> cd ../server
rsaadmin@am81p:/opt/rsa/am/server> ./rsaserv start radius
RSA Database Server                                        [RUNNING]
Starting RSA Administration Server with Operations Console:
Starting RSA Database Server:
RSA Administration Server with Operations Console          [RUNNING]
Starting RSA RADIUS Server Operations Console:
RSA RADIUS Server Operations Console                       [RUNNING]
Starting RSA Runtime Server: *
RSA Runtime Server                                         [RUNNING]
Starting RSA RADIUS Server: *
RSA RADIUS Server                                          [RUNNING]
NotesCheck if the Operations Console administrators and/or Security Console super admin users have special characters such as @, ~, &, or $ in the middle of their credentials.

Attachments

    Outcomes