000032913 - RSA Authentication Agent 7.2.1 [101] for Windows is not updating offline days

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Jan 21, 2019
Version 4

Article Content

Article Number: 000032913
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2.1 [101]
Platform: Windows
O/S Version: 7 Professional (64-bit)
 
Issue
  • RSA Authentication Agent 7.2.1 [101] for Windows is not updating offline days.
  • When users attempt to refresh their offline days through the Control Center, the number of days does not update.
  • An offline days refresh on RSA Authentication Agent 7.2.1 [101] for Windows fails with the message DaSvcProofDownloader::processDLTicket: receiver failed.
  • The first logon attempt with no offline (OA) days installed on the agent always downloads a full complement, but the days cannot then be refreshed or topped off.
  • The server imsTrace.log shows the following error:

<UserID> ERROR, failed to lookup domain object of class:class



  • The agent DAService(da_svc).log shows the following error:

refresh fails with DaSvcProofDownloader::processDLTicket: receiver failed




Output of the imsTrace.log



Navigate to /opt/rsa/am/server/logs on the Authentication Manager server to view the content:



===== imsTrace.log ========
[OARequestHandler1], ( DBUtil.java:73), trace.com.rsa.authmgr.internal.oa.engine.db.DBUtil, DEBUG, A70TCRPPACE01.a70adom.bcbssc.com,,,,Find AM principal: <UserID>
[OARequestHandler1], (DataObjectAccessSql.java:549), trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, A70TCRPPACE01.a70adom.bcbssc.com,,,,failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:b7d435b90e14000a1c34e6973f39c95b
[OARequestHandler1], ( DBUtil.java:73), trace.com.rsa.authmgr.internal.oa.engine.db.DBUtil, DEBUG, A70TCRPPACE01.a70adom.bcbssc.com,,,,Find AM principal: <UserID>
[OARequestHandler1], (DataObjectAccessSql.java:549), trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, A70TCRPPACE01.a70adom.bcbssc.com,,,,failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:b7d435b90e14000a1c34e6973f39c95b
[OARequestHandler1], (OAProcessor.java:27), trace.com.rsa.authmgr.internal.oa.engine.OAProcessor, WARN, A70TCRPPACE01.a70adom.bcbssc.com,,,,Unexpected exception during processing: 
java.lang.NullPointerException
  at com.rsa.authmgr.internal.oa.engine.ProofDaProcessor.doRun(ProofDaProcessor.java:30)
  at com.rsa.authmgr.internal.oa.engine.OAProcessor.run(OAProcessor.java:36)
  at com.rsa.authmgr.internal.oa.RequestReceiver.a(RequestReceiver.java:69)
  at com.rsa.authmgr.internal.oa.RequestReceiver$1.run(RequestReceiver.java:4)
  at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:80)
  at com.rsa.security.SecurityContext.doAs(SecurityContext.java:412)
  at com.rsa.authmgr.internal.oa.RequestReceiver.handleConnection(RequestReceiver.java:48)
  at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerTask.run(TCPServer.java:575)
  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
  at java.lang.Thread.run(Thread.java:680)
  at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerThread.run(TCPServer.java:638)



 



Output of the DAService(da_svc).log


On the agent, navigate to C:\ProgramData\RSA\LogFiles

 


====== DAService(da_svc).log =========== 


2016-03-28 18:04:14.985 17768.16972 [I] DpsDLRequestOp::~DpsDLRequestOp: destructor: Op=65 (DPS_OP_STATUS)    [File:dps_dlrequestop.cpp Line:34 Family:DA ] 
2016-03-28 18:04:14.985 17768.16972 [I] DASvcDLReceiver::run() - returning DPS_DA_REQUEST_DATABASE_ERROR (212)    [File:da_svc_dlreceiver.cpp Line:230 Family:DA_SVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::processDLTicket: receiver failed DPS_DA_REQUEST_DATABASE_ERROR (212) [File:da_svc_proofdownloader.cpp Line:136 Family:DASVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::process() failure status 212    [File:da_svc_proofdownloader.cpp Line:155 Family:DA_SVC ] 
2016-03-28 18:04:14.985 17768.16972 [I] DpsDLProof::~DpsDLProof    [File:dps_dlproof.cpp Line:109 Family:DASVC ] 

2016-03-28 18:04:14.985 17768.16972 [I] DaSvcProofDownloader::process() exiting: DPS_DA_REQUEST_DATABASE_ERROR (212) [File:da_svc_proofdownloader.cpp Line:186 Family:DA_SVC ] 

2016-03-28 18:04:15.999 17768.16972 [I] DaSvcProofTable::findProof() - entry: name.c_str() = <UserID>; name.length() = 4 [File:da_svc_prooftable.cpp Line:144 Family:DASVC ] 
2016-03-28 18:04:15.999 17768.16972 [I] DaSvcProofTable::findProof() - Proof found 
2016-03-28 18:04:15.999 17768.16972 [I] DpsP4r::DpsP4r copy serial 000<TokenSN> 

Cause
  • The error is caused by duplicate user IDs in the external identity source.
  • The imsTrace.log shows at least two instances of Find AM principal <UserID> ERROR, failed to lookup domain object of class:class.
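
A way to triage this pattern across a whole imsTrace.log, as an added example (not RSA code): it pairs each "Find AM principal" entry with a following lookup failure on the same handler thread and lists user IDs that fail at least twice. The host name, user IDs, GUIDs and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the imsTrace.log excerpt above.
# Host name, user IDs and GUIDs are placeholders, not values from a real system.
def _find(thread, user):
    return (f"[{thread}], ( DBUtil.java:73), "
            "trace.com.rsa.authmgr.internal.oa.engine.db.DBUtil, "
            f"DEBUG, am.example.test,,,,Find AM principal: {user}")

def _fail(thread, guid):
    return (f"[{thread}], (DataObjectAccessSql.java:549), "
            "trace.com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql, ERROR, "
            "am.example.test,,,,failed to lookup domain object of class:class "
            f"com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:{guid}")

SAMPLE_LOG = "\n".join([
    _find("OARequestHandler1", "jdoe"), _fail("OARequestHandler1", "0" * 31 + "1"),
    _find("OARequestHandler2", "asmith"),          # lookup succeeds: no ERROR follows
    _find("OARequestHandler1", "jdoe"), _fail("OARequestHandler1", "0" * 31 + "1"),
    "java.lang.NullPointerException",
    "  at com.rsa.authmgr.internal.oa.engine.ProofDaProcessor.doRun(ProofDaProcessor.java:30)",
])

FIND = re.compile(r"\[(?P<thread>[^\]]+)\],.*Find AM principal: (?P<user>\S+)")
FAIL = re.compile(r"\[(?P<thread>[^\]]+)\],.*, ERROR, .*failed to lookup domain object of "
                  r"class:class \S+ by GUID:(?P<guid>[0-9a-fA-F]+)")

def failed_lookups(log_text):
    """Map each user ID to the GUIDs whose AMPrincipal lookup failed for it."""
    pending = {}                  # handler thread -> user ID being looked up
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if m := FIND.match(line):
            pending[m["thread"]] = m["user"]
        elif m := FAIL.match(line):
            # Threads interleave in the log, so attribute by thread name.
            user = pending.pop(m["thread"], "<unknown>")
            failures[user].append(m["guid"])
    return dict(failures)

def duplicate_suspects(log_text, threshold=2):
    """User IDs with at least `threshold` failed lookups (candidates to check)."""
    return sorted(u for u, g in failed_lookups(log_text).items() if len(g) >= threshold)

if __name__ == "__main__":
    for user in duplicate_suspects(SAMPLE_LOG):
        print(f"{user}: check the identity source for duplicate user IDs")
```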
Resolution

Fix the duplicate user ID problem in the external identity source. This appears to be a true duplicate user ID (different ObjectGUIDs), not identity source overlap, where a single user ID with the same ObjectGUID appears twice to Authentication Manager.
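
The distinction above, as an added example (not RSA code): given an export of users from the identity sources, it separates true duplicates (same user ID, different ObjectGUIDs) from identity source overlap (same user ID, same ObjectGUID). The CSV layout, the source names and the case-insensitive comparison of user IDs are assumptions of the example.

```python
import csv
import io
from collections import defaultdict

# Constructed export. The CSV layout (source, user_id, object_guid) is an
# assumption for this example; produce it with whatever export tool your
# identity source offers.
EXPORT = """\
source,user_id,object_guid
corp-dir,jdoe,11111111-1111-1111-1111-111111111111
partner-dir,JDoe,22222222-2222-2222-2222-222222222222
corp-dir,asmith,33333333-3333-3333-3333-333333333333
corp-dir-alt,asmith,33333333-3333-3333-3333-333333333333
corp-dir,bwong,44444444-4444-4444-4444-444444444444
"""

def classify_repeated_user_ids(export_text):
    """Return {user_id: (kind, sources)} for user IDs that appear more than once."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Assumption: user IDs are compared case-insensitively.
        key = row["user_id"].strip().lower()
        seen[key].append((row["source"].strip(), row["object_guid"].strip().lower()))
    report = {}
    for user, entries in seen.items():
        if len(entries) < 2:
            continue
        guids = {guid for _, guid in entries}
        # Different GUIDs: two distinct accounts share one user ID.
        # One GUID: the same account is visible through more than one source.
        kind = "true duplicate" if len(guids) > 1 else "identity source overlap"
        report[user] = (kind, sorted(src for src, _ in entries))
    return report

if __name__ == "__main__":
    for user, (kind, sources) in classify_repeated_user_ids(EXPORT).items():
        print(f"{user}: {kind} in {', '.join(sources)}")
```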

Workaround

Clear offline days and log on to the agent for the full offline days download.

Notes

To enable agent verbose logging in the RSA Control Center:
  1. Log in as an administrator.
  2. From Home, select Advanced Tools.
  3. Select Tracing.
  4. On the Tracing page, set the Trace Level to Verbose.
  5. Use the default trace file destination folder or click Browse to select a different location.
  6. For Selected Components, check Select All.
  7. When done, click OK.
