000032322 - RSA Authentication Manager 8.1 Patch 8 breaks Token Provisioning Approval Process

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032322
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0 Patch 8
Platform: Linux
O/S Version: Suse Linux
IssueAfter updating or upgrading to Authentication Manager SP1 Patch 8 (or P9 and P10) Administrators will no longer be able to approve Self-Service Token Requests, this will fail with "There was a problem processing the request, unexpected error during command and com.rsa@ucm.request.additional token request check command execution"
additional token request
previously this worked before applying AM 8.1 SP1 P8, P9 or P10.

This bug was caused by Jira Request for Enhancement, RFE AM-29185 - AM 8.1 SSC login Request Token does not distinguish enrollment as AM 7.1 did.
This new problem is being tracked with Jira AM-29756 and will be fixed in a later patch for AM 8.1 SP1.  

This KB contains the work-around from January 6th, 2016.  This problem should be fixed in later patches.

ResolutionYou will need to obtain/download two files from our Customer Support or from our SFTP server then ‘install’ them.  Here’s the Link for the two files that was working on 1/6/16:
manual link:
Once you have the war_files.zip downloaded, you’ll have to unzip and WinSCP copy to your AM Primary and replicas, them please follow these steps to deploy:
-    Before you begin please copy the original files from the server and store them in a safe location that is NOT on the server. Since AM is an appliance it is important the folder structure and content of the server to stay intact. Creating new files/folders anywhere on the server is not allowed and can cause issues that are hard to figure/resolve.  This KB assumes your are running with AM 8.1 SP1 P10, and the two files in the war_files.zip are:
  • console-ims-
  • console-selfservice-
Make backups of the original .war files on your AM Servers before proceeding.
Then WinSCP copy these two .war files to your AM Servers.
WorkaroundRolling back to P7 or earlier will fix this, but if you cannot roll-back patches, use this work-around. This example assumes P10 was installed, so directory is and file has as part of name.
1.    Copy the two files to their respective locations on the server:

2.    Run the following commands to redeploy:
Stop AM services
/opt/rsa/am/server/rsaserv stop

Then delete the following files:
rm -rf /opt/rsa/am/server/servers/AdminServer/tmp/
rm -rf /opt/rsa/am/server/servers/AdminServer/cache/
rm -rf /opt/rsa/am/server/servers/AdminServer/stage/
rm -rf /opt/rsa/am/server/servers/biztier/tmp/
rm -rf /opt/rsa/am/server/servers/biztier/cache/
rm -rf /opt/rsa/am/server/servers/biztier/stage/
rm -rf /opt/rsa/am/server/servers/console/tmp/
rm -rf /opt/rsa/am/server/servers/console/cache/
rm -rf /opt/rsa/am/server/servers/console/stage/
rm -rf /opt/rsa/am/server/servers/radiusoc/tmp/
rm -rf /opt/rsa/am/server/servers/radiusoc/cache/
rm -rf /opt/rsa/am/server/servers/radiusoc/stage/

rm -rf
Then restart AM services
/opt/rsa/am/server/rsaserv start