Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030800 - Clean up unresolvable users fails due to timeout in RSA Authentication Manager 8.x

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Jan 6, 2020

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030800
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.x
Issue	The option to clean up unresolvable users fails with an error. Log file reports a time out: 2015-03-02 05:37:24,881, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (GenericAccessSQL.java:141), trace.com.rsa.ims.admin.dal.sql.GenericAccessSQL, ERROR, loninrsap04.uk.db.com,,,,Error performing action: SystemActionKey[READ_PRINCIPAL] java.sql.SQLException: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 600 seconds BEA1-0E9C366C88FD4262E80E]'. No further JDBC access is allowed within this transaction. at weblogic.jdbc.wrapper.JTSConnection.checkIfRolledBack(JTSConnection.java:198) at weblogic.jdbc.wrapper.JTSConnection.checkConnection(JTSConnection.java:210) at weblogic.jdbc.wrapper.JTSConnection.prepareStatement(JTSConnection.java:546) at com.rsa.ims.instrumentation.monitor.InstrumentedConnectionProxy.prepareStatement(InstrumentedConnectionProxy.java:197) at com.rsa.ims.common.database.SavePointConnectionProxy.prepareStatement(SavePointConnectionProxy.java:146) at com.rsa.ims.admin.dal.sql.PrincipalAccessSQL.lookupDataAttribute(PrincipalAccessSQL.java:2563) at com.rsa.ims.admin.iscleanup.resolution.SuccessfulResolution.finish(SuccessfulResolution.java:36) at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.finishContext(IdentitySourceCleanupControllerImpl.java:254) at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.trustedResolvePrincipals(IdentitySourceCleanupControllerImpl.java:233) at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.resolvePrincipals(IdentitySourceCleanupControllerImpl.java:160) at com.rsa.admin.GetUnresolvablePrincipalsCommand$Executive.performExecute(GetUnresolvablePrincipalsCommand.java:388) at com.rsa.admin.GetUnresolvablePrincipalsCommand.performExecute(GetUnresolvablePrincipalsCommand.java:337) at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121)
Cause	The parameter com.rsa.admin.GetUnresolvablePrincipalCommand is used internally to get a list of unresolvable principles and this command has timed out while retrieving the list of principles in current environment.
Resolution	To increase the time out for the parameter com.rsa.admin.GetUnresolvablePrincipalCommand the following steps can be performed by an administrator at the command line. Logon to the SecurID Appliance either with an SSH session or at the local console. Retrieve the password for the rsa_dba user using the following command: /opt/rsa/am/rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password> Login to the database: rsaadmin@marge:/opt/rsa/am/utils> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# At the db=# prompt, enter the following SQL statements can be used to check if the global parameter exists before inserting the parameter into the primary instance: db=# *SELECT FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout'; id \| instance_id \| name \| value ----------------------------------+------------------+---------------------+------------------------------- 248ecb9c031d2c0a00780ca2b20d7326 \| 0000-Global-0000 \| ims.command.timeout \| com.rsa.batchjob.DeleteBatchJobCommand,3600 5c98277231ac640a0124bbbf733e99a0 \| 0000-Global-0000 \| ims.command.timeout \| com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000 (2 rows) db=# Insert the following parameter into the database: db=#INSERT INTO RSA_REP.IMS_CONFIG_VALUE (id, instance_id, name, value) values (‘5c98277231ac640a012bbbf733e99a1’, ‘0000-Global-0000’, ‘ims.command.timeout’, ‘com.rsa.admin.GetUnresolvablePrincipalsCommand,3600’); INSERT 1 db=# Confirm that the insert worked: db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout'; id \| instance_id \| name \| value ----------------------------------+------------------+---------------------+---------------------------------------------------------------------- 248ecb9c031d2c0a00780ca2b20d7326 \| 0000-Global-0000 \| ims.command.timeout \| com.rsa.batchjob.DeleteBatchJobCommand,3600 5c98277231ac640a0124bbbf733e99a0 \| 0000-Global-0000 \| ims.command.timeout \| com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000 5c98277231ac640a012bbbf733e99a1 \| 0000-Global-0000 \| ims.command.timeout \| com.rsa.admin.GetUnresolvablePrincipalsCommand,3600 (3 rows) db=# Quit the database: db=# \q Restart the Authentication Manager services: /opt/rsa/am/server/rsaserv restart all**
Notes

Attachments

Outcomes

0 Comments

Recommended Content