000032913 - RSA Authentication Agents for Windows (v.7.2.1) are not updating Offline Days

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032913
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1 [101]
Platform: Windows
O/S Version: 7 Professional (64 bit)
 
Issue

Windows Authentication Agents (v.7.2.1) are not updating Offline Days. When users attempt to refresh their Offline Days through the Control Center, the number of days does not update.  Authentication Manager agent for Windows 7.2.1[101] Offline Days refresh fails with DaSvcProofDownloader::processDLTicket: receiver failed
First Logon with no OA days always downloads full compliment, but cannot refresh or top off
The server imsTrace.log shows 2 Find AM principal


<UserID> ERROR, failed to lookup domain object of class:class

 

And the agent DAService(da_svc).log shows


refresh fails with DaSvcProofDownloader::processDLTicket: receiver failed

 


===== imsTrace.log ========
[OARequestHandler1], ( DBUtil.java:73), trace.com.rsa.authmgr.internal.oa.engine.db.DBUtil, DEBUG, A70TCRPPACE01.a70adom.bcbssc.com,,,,Find AM principal: <UserID> [OARequestHandler1], (DataObjectAccessSql.java:549), trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, A70TCRPPACE01.a70adom.bcbssc.com,,,,failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:b7d435b90e14000a1c34e6973f39c95b 
[OARequestHandler1], ( DBUtil.java:73), trace.com.rsa.authmgr.internal.oa.engine.db.DBUtil, DEBUG, A70TCRPPACE01.a70adom.bcbssc.com,,,,Find AM principal: <UserID> [OARequestHandler1], (DataObjectAccessSql.java:549), trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, A70TCRPPACE01.a70adom.bcbssc.com,,,,failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:b7d435b90e14000a1c34e6973f39c95b 
[OARequestHandler1], (OAProcessor.java:27), trace.com.rsa.authmgr.internal.oa.engine.OAProcessor, WARN, A70TCRPPACE01.a70adom.bcbssc.com,,,,Unexpected exception during processing: 
java.lang.NullPointerException 
at com.rsa.authmgr.internal.oa.engine.ProofDaProcessor.doRun(ProofDaProcessor.java:30) 
at com.rsa.authmgr.internal.oa.engine.OAProcessor.run(OAProcessor.java:36) 
at com.rsa.authmgr.internal.oa.RequestReceiver.a(RequestReceiver.java:69) 
at com.rsa.authmgr.internal.oa.RequestReceiver$1.run(RequestReceiver.java:4) 
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:80) 
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:412) 
at com.rsa.authmgr.internal.oa.RequestReceiver.handleConnection(RequestReceiver.java:48) 
at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerTask.run(TCPServer.java:575) 
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) 
at java.lang.Thread.run(Thread.java:680) 
at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerThread.run(TCPServer.java:638)

 
======= DAService(da_svc).log ===========
2016-03-28 18:04:14.985 17768.16972 [I] DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=65 (DPS_OP_STATUS)    [File:dps_dlrequestop.cpp Line:34 Family:DA ] 
2016-03-28 18:04:14.985 17768.16972 [I] DASvcDLReceiver::run() - returning DPS_DA_REQUEST_DATABASE_ERROR (212)    [File:da_svc_dlreceiver.cpp Line:230 Family:DA_SVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::processDLTicket: receiver failed DPS_DA_REQUEST_DATABASE_ERROR (212) [File:da_svc_proofdownloader.cpp Line:136 Family:DASVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::process() failure status 212    [File:da_svc_proofdownloader.cpp Line:155 Family:DA_SVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DpsDLProof::~DpsDLProof    [File:dps_dlproof.cpp Line:109 Family:DASVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::process() exiting: DPS_DA_REQUEST_DATABASE_ERROR (212) [File:da_svc_proofdownloader.cpp Line:186 Family:DA_SVC ] 
2016-03-28 18:04:15.999 17768.16972 [I] DaSvcProofTable::findProof() - entry: name.c_str() = <UserID>; name.length() = 4 [File:da_svc_prooftable.cpp Line:144 Family:DASVC ] 
2016-03-28 18:04:15.999 17768.16972 [I] DaSvcProofTable::findProof() - Proof found 
2016-03-28 18:04:15.999 17768.16972 [I] DpsP4r::DpsP4r copy serial 000<TokenSN>
Cause

Duplicate UserIDs in the external Identity Source.
imsTrace.log shows at least 2 Find AM principal <UserID> ERROR, failed to lookup domain object of class:class

Resolution

Fix the duplicate UserID problem in the external Identity Source.  This appeared to be true duplicate UserIDs (different ObjectGUIDs), not Identity Source overlap where a single UserID with the same ObjectGUID appearing twice to AM.

Workaround

Clear offline days and logon to the agent for full download.

Attachments

    Outcomes