000030800 - Clean up unresolvable users fails due to timeout in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 6, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030800
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
 
IssueThe option to clean up unresolvable users fails with an error.

Log file reports a time out:
2015-03-02 05:37:24,881, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (GenericAccessSQL.java:141), trace.com.rsa.ims.admin.dal.sql.GenericAccessSQL, ERROR, loninrsap04.uk.db.com,,,,Error performing action: SystemActionKey[READ_PRINCIPAL]
java.sql.SQLException: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 600 seconds
BEA1-0E9C366C88FD4262E80E]'. No further JDBC access is allowed within this transaction.


at weblogic.jdbc.wrapper.JTSConnection.checkIfRolledBack(JTSConnection.java:198)
at weblogic.jdbc.wrapper.JTSConnection.checkConnection(JTSConnection.java:210)
at weblogic.jdbc.wrapper.JTSConnection.prepareStatement(JTSConnection.java:546)
at com.rsa.ims.instrumentation.monitor.InstrumentedConnectionProxy.prepareStatement(InstrumentedConnectionProxy.java:197)
at com.rsa.ims.common.database.SavePointConnectionProxy.prepareStatement(SavePointConnectionProxy.java:146)
at com.rsa.ims.admin.dal.sql.PrincipalAccessSQL.lookupDataAttribute(PrincipalAccessSQL.java:2563)
at com.rsa.ims.admin.iscleanup.resolution.SuccessfulResolution.finish(SuccessfulResolution.java:36)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.finishContext(IdentitySourceCleanupControllerImpl.java:254)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.trustedResolvePrincipals(IdentitySourceCleanupControllerImpl.java:233)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.resolvePrincipals(IdentitySourceCleanupControllerImpl.java:160)
at com.rsa.admin.GetUnresolvablePrincipalsCommand$Executive.performExecute(GetUnresolvablePrincipalsCommand.java:388)
at com.rsa.admin.GetUnresolvablePrincipalsCommand.performExecute(GetUnresolvablePrincipalsCommand.java:337)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121)
CauseThe parameter com.rsa.admin.GetUnresolvablePrincipalCommand is used internally to get a list of unresolvable principles and this command has timed out while retrieving the list of principles in current environment.
ResolutionTo increase the time out for the parameter com.rsa.admin.GetUnresolvablePrincipalCommand the following steps can be performed by an administrator at the command line.
  1. Logon to the SecurID Appliance either with an SSH session or at the local console.
  2. Retrieve the password for the rsa_dba user using the following command:

/opt/rsa/am/rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>


  1. Login to the database:
    rsaadmin@marge:/opt/rsa/am/utils> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba
    Password for user rsa_dba:
    psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
    Type "help" for help.
    db=#

  1. At the db=# prompt, enter the following SQL statements can be used to check if the global parameter exists before inserting the parameter into the primary instance:

db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
                id                | instance_id     |        name |                     value
----------------------------------+------------------+---------------------+-------------------------------
248ecb9c031d2c0a00780ca2b20d7326  | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0  | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
(2 rows)
db=#



  1. Insert the following parameter into the database:

    db=#INSERT INTO RSA_REP.IMS_CONFIG_VALUE (id, instance_id, name, value) values (‘5c98277231ac640a012bbbf733e99a1’, ‘0000-Global-0000’, ‘ims.command.timeout’, ‘com.rsa.admin.GetUnresolvablePrincipalsCommand,3600’);
    INSERT 1
    db=#


  2. Confirm that the insert worked:

db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
id | instance_id | name | value
----------------------------------+------------------+---------------------+----------------------------------------------------------------------
248ecb9c031d2c0a00780ca2b20d7326 | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0 | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
5c98277231ac640a012bbbf733e99a1 | 0000-Global-0000 | ims.command.timeout | com.rsa.admin.GetUnresolvablePrincipalsCommand,3600
(3 rows)
db=#


  1. Quit the database:

db=# \q


  1. Restart the Authentication Manager services:

/opt/rsa/am/server/rsaserv restart all
Notes
 

Attachments

    Outcomes