000032722 - RSA Authentication Manager 8.1 System Activity Monitor Reports Directory Access Errors

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032722
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
IssueInitially, the Identity Source Directory Password and Directory User ID was working where the Test Connection reported 'Test Connection(s) successful.'
Users are still searchable in the Security Console > Identity > Users > Manage Existing > select the Identity Source in the Search Criteria > Search
System Activity Monitor reports a Directory access error where the exception is 'javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]'
CauseThe Directory User ID used in the Identity Source Connection(s) was found to be a locked account or the password has been changed.
ResolutionAn administrator must check the Directory User ID is an unlocked account and/or update the Directory Password in the Identity Source Connection(s) configuration found in the Operations Console.
Next, flush the cache in all of the authentication manager instance(s) deployed and stop / start the authentication manager services.
Flushing the cache is done via the Operations Console > Maintenance > Flush Cache > Additional Credentials Required (Super Admin User ID and Super Admin Password) > Ok > select Flush all cache objects > Flush
Administrator's have the option of rebooting the SecurID Appliance via the Operations Console > Maintenance > Reboot Appliance > select Yes, reboot the appliance > Reboot
..or alternatively the authentication manager services can be stopped and started at the command line with the following commands with the rsaadmin user account:
 


stopping authentication manager services/opt/rsa/am/server/rsaserv stop all
starting authentication manager services/opt/rsa/am/server/rsaserv start all


Check users are still searchable in the Security Console > Identity > Users > Manage Existing > select the Identity Source in the Search Criteria > Search and start a System Activity Monitor using Security Console > Reporting > Real-time Activity Monitors > System Activity Monitor to check for no further Directory access errors occurring.
Please contact RSA Customer Support using the information provided at URL https://community.rsa.com/docs/DOC-1294 should this RSA knowledge article (ref#000032722) not resolve your issue.

Attachments

    Outcomes