|Applies To||RSA Product Set : SecurID|
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
|Issue||Initially, the Identity Source Directory Password and Directory User ID was working where the Test Connection reported 'Test Connection(s) successful.'|
Users are still searchable in the Security Console > Identity > Users > Manage Existing > select the Identity Source in the Search Criteria > Search
System Activity Monitor reports a Directory access error where the exception is 'javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]'
|Cause||The Directory User ID used in the Identity Source Connection(s) was found to be a locked account or the password has been changed.|
|Resolution||An administrator must check the Directory User ID is an unlocked account and/or update the Directory Password in the Identity Source Connection(s) configuration found in the Operations Console.|
Next, flush the cache in all of the authentication manager instance(s) deployed and stop / start the authentication manager services.
Flushing the cache is done via the Operations Console > Maintenance > Flush Cache > Additional Credentials Required (Super Admin User ID and Super Admin Password) > Ok > select Flush all cache objects > Flush
Administrator's have the option of rebooting the SecurID Appliance via the Operations Console > Maintenance > Reboot Appliance > select Yes, reboot the appliance > Reboot
..or alternatively the authentication manager services can be stopped and started at the command line with the following commands with the rsaadmin user account:
Check users are still searchable in the Security Console > Identity > Users > Manage Existing > select the Identity Source in the Search Criteria > Search and start a System Activity Monitor using Security Console > Reporting > Real-time Activity Monitors > System Activity Monitor to check for no further Directory access errors occurring.
Please contact RSA Customer Support using the information provided at URL https://community.rsa.com/docs/DOC-1294 should this RSA knowledge article (ref#000032722) not resolve your issue.