000033040 - Authentication Manager 8.1 Console services stopped - Shutdown without explanation

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033040
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: Linux
O/S Version: Suse Linux
Issue

Authentication Manager 8.1 Console services stopped - shutdown without explanation, have to be manually restarted.  Can occur repeatedly.
 


RSA Database Server [RUNNING] 
RSA Administration Server with Operations Console [SHUTDOWN] 
RSA RADIUS Server Operations Console [SHUTDOWN] 
RSA Runtime Server [RUNNING] 
RSA RADIUS Server [RUNNING] 
RSA Console Server [SHUTDOWN] 
RSA Replication (Primary) [RUNNING]

 


Authentication typically continue to work, but console access does not
symptoms include:


====../servers/AdminServer/logs/server.log========= 
<Apr 3, 2016 1:20:32 AM EDT> <Warning> <JTA> <'rsa_server'> <biztier> <[ACTIVE] ExecuteThread: '24' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1459660832072> <BEA-111004> <Transaction could not set CoordinatorURL to use AdminChannel downgrading java.rmi.UnknownHostException: Could not discover administration URL for server 'biztier' 
===followed by gap in logs until AM tries to restart service===

 


 


====../servers/logs/AdminServer.log===== 
Same gap 
####<Apr 3, 2016 1:20:32 AM EDT> <Alert> <Security> <'rsa_server'> <AdminServer> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1459660832056> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /opt/rsa/am/server/security/webserver-identity.jks under alias server_identity_key on server AdminServer> 
####<Apr 5, 2016 12:08:05 PM EDT> <Info> <Security> <'rsa_server'> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1459872485912> <BEA-000000> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>

 

 


=====messages=====
Apr 5 11:15:02 'rsa_server' syslog-ng[2424]: Configuration reload request received, reloading configuration;
weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:917)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054) 
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873) 
at weblogic.security.SecurityService.start(SecurityService.java:148) 
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64) 
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) 
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221) 
####<Apr 3, 2016 2:14:07 AM EDT> <Notice> <WebLogicServer> <'rsa_server'> <console> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1459664047499> <BEA-000365> <Server state changed to FAILED.> 
####<Apr 3, 2016 2:14:07 AM EDT> <Error> <WebLogicServer> <'rsa_server'> <console> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1459664047499> <BEA-000383> <A critical service failed. The server will shut itself down.> 
####<Apr 3, 2016 2:14:07 AM EDT> <Notice> <WebLogicServer> <'rsa_server'> <console> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1459664047502> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.> 
<Apr 3, 2016 2:14:07 AM EDT> <Error> <Security> <'rsa_server'> <console> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1459664047402> <BEA-090870> <The realm "rsa" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift.. 
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift. 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034) 
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879) 
at weblogic.security.SecurityService.start(SecurityService.java:148) 
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64) 
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) 
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221) 
Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /opt/rsa/am/appserver/weblogic/server/lib/XACMLAuthorizerInit.ldift. 
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365) 
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315) 
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257) 
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72) 
at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155) 
at com.bea.security.css.CSS.getService(CSS.java:123) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:458) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:871) 
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1034) 
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879) 
at weblogic.security.SecurityService.start(SecurityService.java:148) 
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64) 
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) 
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Cause

This is indicative of Jira bug AM-27789 - AM 8 Runtime server shutdown for unknown reason.
This bug affects affects all versions pre-AM 8.1 SP1 P2.  Possibly related to AM-28536, /opt/rsa/am/utils/rsautil.sh is 0 bytes

Resolution

Both bugs are fixed in AM 8.1 SP1 P2 or later versions.

Workaround

Manually restart services.

Attachments

    Outcomes