000031357 - RSA Authentication Manager 6.1.2 Database Dump Program Fails in a UNIX Environment

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031357
Applies To
RSA Product SetSecurID
RSA Product/Service TypeRSA Authentication Manager
RSA Version/Condition6.1.2 or later
PlatformUNIX
Product DescriptionAuthentication Manager

IssueThere is a requirement to migrate RSA Authentication Manager 6.1.2 production data from a once supported UNIX environment to an RSA Authentication Manager 8.1 deployment.
The database dump program (sddump) is failing to locate a file called sdcfgval and does not generate a database dump file.
CauseA possible cause would be the sddump program has no system variables set to provide it access to the authentication manager instance.
ResolutionUNIX based environments usually require system variables set to ensure the success of the program being used to access the authentication manager 6.1.2 databases (server & log). RSA Authentication Manager 6.1.2 on a UNIX platform has a file called admenv located in the ACEUTILS folder that reveals the environment (system) variables that can be used to create a shell script for running the authentication manager programs (such as the database dump program; sddump).
Example; taken from an installed authentication manager 6.1.2 primary instance on Red Hat 3 Update 8 Enterprise Linux 
[root@redhat3u8P utils]# ./admenv

---------------------------------------------------------------------
The following environment variables must be set in order to use the
administration toolkit.  They must be set for each individual toolkit
user or set globally for all users.
---------------------------------------------------------------------

USR_ACE=/opt/ace/prog
VAR_ACE=/opt/ace/data
DLC=/opt/ace/rdbms
PROPATH=/opt/ace/prog/proapi/adbapi.pl:/opt/ace/prog/proapi/sdproapi.pl:/opt/ace/prog/protrig:/opt/ace/prog
LD_LIBRARY_PATH=/opt/ace/prog

[root@redhat3u8P utils]#

NOTE: The authentication manager 6.1.2 default installation folder on a once supported UNIX platform was /opt/ace and ACEUTILS refers to the default /opt/ace/utils folder location.

Steps to create the shell script to dump the server database


1.Navigate to the ACEUTILS folder either using either the file ownership account for authentication manager (i.e. aceadmin) or the root account.
  
   To start creating the shell script enter the command :
./admenv > /tmp/serverdump.sh
2.Edit /tmp/serverdump.sh and remove the top seven lines so it leaves the following lines:
  
USR_ACE=/var/ace/progVAR_ACE=/var/ace/data
DLC=/var/ace/rdbms
PROPATH=/var/ace/prog/proapi/adbapi.pl:/var/ace/prog/proapi/sdproapi.pl:/var/ace/prog/protrig:/var/ace/prog
LD_LIBRARY_PATH=/var/ace/prog

   Add these two lines to the end of the shell script:
  
export USR_ACE VAR_ACE DLC PROPATH LD_LIBRARY_PATH
$USR_ACE/sddump –s

   NOTE: use the -l parameter with the sddump program to dump the log database
  
   Set the permissions of the shell script using a chmod command:
chmod 755 /tmp/serverdump.sh
3.
    
Determine who started the authentication manager 6.1.2 instance with the command : ps –ef | grep ace
  
   Example:
  
[root@redhat3u8R /]# ps -ef | grep aceroot      1360     1  0 09:40 pts/0    00:00:00 /opt/ace/prog/_mprosrv /opt/ace/data/sdserv -N TCP -S sdserv -pf /opt/ace/prog/sdserv.pf
root      1363     1  0 09:40 pts/0    00:00:00 /opt/ace/rdbms/bin/_mprshut /opt/ace/data/sdserv -C apw
root      1366     1  0 09:40 pts/0    00:00:00 /opt/ace/rdbms/bin/_mprshut /opt/ace/data/sdserv -C biw
root      1368     1  0 09:40 pts/0    00:00:00 /opt/ace/prog/_mprosrv /opt/ace/data/sdlog -N TCP -S sdlog -pf /opt/ace/prog/sdlog.pf
root      1371     1  0 09:40 pts/0    00:00:00 /opt/ace/rdbms/bin/_mprshut /opt/ace/data/sdlog -C apw
root      1374     1  0 09:40 pts/0    00:00:00 /opt/ace/rdbms/bin/_mprshut /opt/ace/data/sdlog -C biw
root      1383     1  0 09:40 pts/0    00:00:00 /opt/ace/prog/sdoad
root      1673     1  0 09:40 ?        00:00:00 acesyncd -ReplicaID 1
root      1699     1  0 09:40 ?        00:00:00 /opt/ace/prog/_aceserver_fe
root      1701     1  0 09:40 ?        00:00:00 _aceserver_be
root      1703     1  0 09:40 ?        00:00:00 _aceserver_be
root      1734  1239  0 09:41 pts/0    00:00:00 grep ace
[root@redhat3u8R /]#

   NOTE: in the above example the first column is showing that root owns the authentication manager processes.
4.Stop the authentication manager services using the account that was used to start the authentication manager services
  
   In my example, root was used to start the authentication manager services so root can stop the authentication manager services..

  
<AMHOME>/prog/aceserver stop
<AMHOME>/prog/sdconnect shutdown
<AMHOME>/prog/sdconnect clean

   ..where <AMHOME> is the folder where the authentication manager software was installed (by default this location is /opt/ace)
5.Navigate to the <AMHOME> folder and run the shell script to dump the server database with the command : /tmp/serverdump.sh
  
   A server database dump file called sdserv.dmp is created in the current folder <AMHOME>.
  
   NOTE: the database dump is encrypted with a security block that was created during the authentication manager installation and is present in the license record (
license.rec). To decrypt the database dump file, perhaps for migration purposes, a copy of the license record is required.
6.Start the authentication manager services using either the file ownership account or root
  
<AMHOME>/prog/sdconnect/start
<AMHOME>/prog/aceserver start

  

NotesIMPORTANT : Only 6.1.2 authentication manager database dumps are supported for migrating data into an RSA Authentication Manager 8.1 deployment.
Contacting RSA Customer Support

 
TelephoneFor urgent issues use on of the telephone numbers listed at URL http://www.emc.com/support/rsa/contact/phone-numbers.htm 
EmailFor non-urgent issues email support@rsa.com
Case
   Management
Case Management is found at URL https://knowledge.rsasecurity.com/scolcms/mysupport.aspx
   (requires access to RSA SecurCare Online)

Attachments

    Outcomes