000032631 - Unexpected error during command com.rsa.authmgr.admin.radius.AddRadiusClientCommand execution when adding new RADIUS client in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 10, 2020
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032631
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.x
IssueAdding a new RADIUS client to RSA Authentication Manager 8.x generates the following error:
 
Unexpected error during command com.rsa.authmgr.admin.radius.AddRadiusClientCommand execution


User-added image
Exception thrown in the /opt/rsa/am/server/logs/imsTrace.log:2016-02-15 05:42:31,776, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (CommandServerEngine.java:897), trace.com.rsa.command.CommandServerEngine, DEBUG, USEMC-SECRSA001.NA.XOM.COM,,,,Command : class com.rsa.authmgr.admin.radius.AddRadiusClientCommand      
          Execution Exception: java.lang.NullPointerException
java.lang.NullPointerException
      at com.rsa.authmgr.internal.admin.radius.impl.RadiusClientAdministrationImpl.createRadiusClient(RadiusClientAdministrationImpl.java:323)
      at com.rsa.authmgr.admin.radius.AddRadiusClientCommand$Executive.execute(AddRadiusClientCommand.java:304)
      at com.rsa.authmgr.admin.radius.AddRadiusClientCommand.performExecute(AddRadiusClientCommand.java:160)
      at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119)
      at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1)
      at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268)
      at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1)
      at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
      at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260)
      at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933)
      at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1)
      at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113) 
      at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
      at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445)
      at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373)
      at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89)
      at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:32)
      at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source)
      at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source)
      at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:693)
      at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
      at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:518)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
      at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:514)
      at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


  Taken from the /opt/rsa/am/server/logs/imsTrace.log:
 
2016-02-15 05:43:36,462, [[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'], (RadiusReplicationTimerHandlerImpl.java:274),
trace.com.rsa.authmgr.internal.admin.radius.timer.impl.RadiusReplicationTimerHandlerImpl,
DEBUG, AM81R2.COMPANY.COM,
,
,
,Crafting Critical notification message for :[RadiusReplicationHealthStatus: replicaServerNameam81r2.company.com
,errorDetected: true
,errorStatus: Replica: out-of-date
,decoratedStatus: RadiusReplicationStatus_OUT_OF_DATE]


The following error is seen when removing a replica instance from the Operations Console that was not attached to the RSA Authentication Manager deployment:
 
Error: com.rsa.common.InvalidArgumentException: IP Address is required to perform this operation
CauseA replica instance name is present in the configuration, but is not attached to the primary RSA Authentication Manager server.
ResolutionThe replica instance name needs to be removed from the RSA Authentication Manager configuration.
 

Before continuing, perform a backup of the database, as data is being changed in the database with these steps and this backup will provide a restore point, if needed.  From the Operations Console select Maintenance > Backup and Restore > Backup Now and click Backup.  Optionally, you can change the Backup Name, enter a Password, set backup location.


Follow these steps to manually remove the replica instance.

  1. Enable Secure Shell on the Appliance.
  2. Log On to the Appliance Operating System with SSH.

Note that during Quick Setup another user name may have been selected. Use that user name to login.



  1. Navigate to /opt/rsa/am/utils.
  2. Retrieve the password for the rsa_dba user using the command.  Note that this password is unique for each deployment of RSA Authentication Manager:

rsaadmin@am82p:~> cd /opt/rsa/am/utils


rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>


com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ


  1. Create a text file in /opt/rsa/am/utils with an appropriate name.  For example, replica_id.sql.
  2. Copy the SELECT statement below into the text file and save the change:

SELECT instance_id FROM rsa_rep.ims_instance_node WHERE host = ‘<replica_FQDN>’;


  1. Obtain the instance id for the replica fully-qualified hostname (FQDN) with this command:

/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t –f replica_id.sql –o replica_id.txt
Password for user rsa_dba: <enter database password from step 4>
psql.bin (9.4.1)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off)
Type "help" for help.

db=#


  1. View the replica_id.txt.  Expect something like c6228df7030a13ac08022fbb70b982ea in replica_id.txt.
  2. Create a text file in /opt/rsa/am/utils with an appropriate name.  For example, ip_change.sql.
  3. Copy the SELECT statement below into the text file and save the change:

UPDATE rsa_rep.am_host SET primary_ip = ‘1.1.1.1’ WHERE server_instance_id=’<instance_id>’;


  1. Update the IP address of the replica instance fully-qualified hostname (FQDN) with the command:

/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t –f ip_change.sql –o ipchangelog.txt

 The ipchangelog.txt will contain the text UPDATE 1.


  1. Use the Operations Console to remove the replica instance fully-qualified hostname (FQDN) from the deployment.
    1. Navigate to Deployment Configuration > Instance > Status Report.
    2. Click on the Replica Instance Name and enter super admin credentials.
    3. Check Yes, delete the replica.
    4. Click Delete.
  2. Once the replica instance FQDN has been removed from the Authentication Manager deployment, an administrator can add a RADIUS client in the Security Console by selecting RADIUS > RADIUS Clients > Add New.


 

Attachments

    Outcomes