Article Number | 000032722 |
Applies To | RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.x |
Issue | Initially, the Identity Source Directory User ID and Directory Password were working, and Test Connection reported Test Connection(s) successful.
Users are still searchable in the Security Console via Identity > Users > Manage Existing when the identity source is selected in the Search criteria.
The System Activity Monitor reports a directory access error with the following exception:
'javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]' |
Cause | The account used as the Directory User ID in the Identity Source Connection(s) is locked, or its password has been changed. |
Resolution | - An administrator must check that the Directory User ID is an unlocked account and/or update the Directory Password in the Identity Source Connection(s) configuration found in the Operations Console.
- Flush the cache on every deployed Authentication Manager instance:
  - From the Operations Console, select Maintenance > Flush Cache.
  - Enter super admin credentials.
  - Click OK.
  - Select Flush all cache objects.
  - Click Flush.
- Restart the RSA Authentication Manager services, either from the UI or from the command line.
  - From the UI:
    - Log in to the Operations Console.
    - Select Maintenance > Reboot Appliance.
    - Select Yes, reboot the appliance > Reboot.
  - From the command line:
    - Launch an SSH client, such as PuTTY.
    - Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.
    - To stop RSA Authentication Manager services, run the command /opt/rsa/am/server/rsaserv stop all
    - When returned to the prompt, start the services by running the command /opt/rsa/am/server/rsaserv start all
- Check that users are still searchable in the Security Console (Identity > Users > Manage Existing).
  - Select the identity source in the Search Criteria > Search.
- Start a System Activity Monitor (Reporting > Real-time Activity Monitors > System Activity Monitor) to check that no further directory access errors occur.
|
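The exception quoted under Issue carries an Active Directory sub-code in its `data` field, which indicates why the bind was rejected. The following is an added example, not RSA code: it parses such exception lines and decodes the sub-code. The function name `triage`, the pairing of sub-codes with this article's two fixes, and the sample lines are assumptions made for the example.

```python
import re

# Active Directory sub-codes found in the "data" field of an LDAP error 49
# bind failure. Each is a Win32 error code written in hex.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# Assumption of this example: which of the article's two fixes each sub-code suggests.
ARTICLE_FIX = {
    "52e": "update the Directory Password in the Identity Source Connection(s)",
    "775": "unlock the Directory User ID account",
}
BIND_ERROR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def triage(line):
    """Describe an AD bind failure found in a log line, or return None."""
    m = BIND_ERROR.search(line)
    if m is None or m.group("ldap") != "49":
        return None
    data = m.group("data").lower()
    return {
        "dsid": m.group("dsid"),
        "data": data,
        "win32_decimal": int(data, 16),
        "meaning": AD_BIND_SUBCODES.get(data, "unrecognised sub-code"),
        "fix": ARTICLE_FIX.get(data),  # None for sub-codes the article does not cover
    }

# Constructed sample input: line 1 carries the exception quoted in this article,
# line 2 is the same message with the sub-code changed to 775, line 3 is unrelated.
_MSG = ("javax.resource.spi.ResourceAdapterInternalException: Unable to create "
        "managed connection [LDAP: error code 49 - 80090308: LdapErr: "
        "DSID-0C0903A9, comment: AcceptSecurityContext error, data %s, v1db1]")
SAMPLE = [_MSG % "52e", _MSG % "775", "Identity source connection test succeeded"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```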