Issue | Adding a new RADIUS client to RSA Authentication Manager 8.x generates the following error:
Unexpected error during command com.rsa.authmgr.admin.radius.AddRadiusClientCommand execution

Exception thrown in the /opt/rsa/am/server/logs/imsTrace.log:2016-02-15 05:42:31,776, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (CommandServerEngine.java:897), trace.com.rsa.command.CommandServerEngine, DEBUG, USEMC-SECRSA001.NA.XOM.COM,,,,Command : class com.rsa.authmgr.admin.radius.AddRadiusClientCommand Execution Exception: java.lang.NullPointerException java.lang.NullPointerException at com.rsa.authmgr.internal.admin.radius.impl.RadiusClientAdministrationImpl.createRadiusClient(RadiusClientAdministrationImpl.java:323) at com.rsa.authmgr.admin.radius.AddRadiusClientCommand$Executive.execute(AddRadiusClientCommand.java:304) at com.rsa.authmgr.admin.radius.AddRadiusClientCommand.performExecute(AddRadiusClientCommand.java:160) at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119) at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1) at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268) at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130) at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260) at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933) at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1) at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113) at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439) at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445) at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373) at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source) at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:32) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source) at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source) at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:693) at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230) at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:518) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146) at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:514) at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Taken from the /opt/rsa/am/server/logs/imsTrace.log:
2016-02-15 05:43:36,462, [[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'], (RadiusReplicationTimerHandlerImpl.java:274), trace.com.rsa.authmgr.internal.admin.radius.timer.impl.RadiusReplicationTimerHandlerImpl, DEBUG, AM81R2.COMPANY.COM, , , ,Crafting Critical notification message for :[RadiusReplicationHealthStatus: replicaServerNameam81r2.company.com ,errorDetected: true ,errorStatus: Replica: out-of-date ,decoratedStatus: RadiusReplicationStatus_OUT_OF_DATE]
The following error is seen when removing a replica instance from the Operations Console that was not attached to the RSA Authentication Manager deployment:
Error: com.rsa.common.InvalidArgumentException: IP Address is required to perform this operation |
Resolution | The replica instance name needs to be removed from the RSA Authentication Manager configuration.
Before continuing, perform a backup of the database, as data is being changed in the database with these steps and this backup will provide a restore point, if needed. From the Operations Console select Maintenance > Backup and Restore > Backup Now and click Backup. Optionally, you can change the Backup Name, enter a Password, set backup location. Follow these steps to manually remove the replica instance.
- Enable Secure Shell on the Appliance.
- Log On to the Appliance Operating System with SSH.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
- Navigate to /opt/rsa/am/utils.
- Retrieve the password for the rsa_dba user using the command. Note that this password is unique for each deployment of RSA Authentication Manager:
rsaadmin@am82p:~> cd /opt/rsa/am/utils
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ
- Create a text file in /opt/rsa/am/utils with an appropriate name. For example, replica_id.sql.
- Copy the SELECT statement below into the text file and save the change:
SELECT instance_id FROM rsa_rep.ims_instance_node WHERE host = ‘<replica_FQDN>’;
- Obtain the instance id for the replica fully-qualified hostname (FQDN) with this command:
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t –f replica_id.sql –o replica_id.txt Password for user rsa_dba: <enter database password from step 4> psql.bin (9.4.1) SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off) Type "help" for help.
db=#
- View the replica_id.txt. Expect something like c6228df7030a13ac08022fbb70b982ea in replica_id.txt.
- Create a text file in /opt/rsa/am/utils with an appropriate name. For example, ip_change.sql.
- Copy the SELECT statement below into the text file and save the change:
UPDATE rsa_rep.am_host SET primary_ip = ‘1.1.1.1’ WHERE server_instance_id=’<instance_id>’;
- Update the IP address of the replica instance fully-qualified hostname (FQDN) with the command:
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t –f ip_change.sql –o ipchangelog.txt
The ipchangelog.txt will contain the text UPDATE 1.
- Use the Operations Console to remove the replica instance fully-qualified hostname (FQDN) from the deployment.
- Navigate to Deployment Configuration > Instance > Status Report.
- Click on the Replica Instance Name and enter super admin credentials.
- Check Yes, delete the replica.
- Click Delete.
- Once the replica instance FQDN has been removed from the Authentication Manager deployment, an administrator can add a RADIUS client in the Security Console by selecting RADIUS > RADIUS Clients > Add New.
|