000021098 - WebLogic administrator unable to connect to WebLogic server using Sync Tool

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021098
Applies ToRSA ClearTrust Agent 3.5 for BEA WebLogic 7.0
Sync Tool
IssueWebLogic administrator unable to connect to WebLogic server using Sync Tool
Sync Tool Error: "Error occurred during Weblogic Server: t3://<host>:<port>, connection. Please see the logs for details."
Error in Sync.log file: "com.rsa.cleartrust.weblogic.security.sync.client.CTAdminSyncTool.class - User Does not have Administrative privileges to get data from Server.

Start server side stack trace:
com.rsa.cleartrust.weblogic.security.common.exception.SyncDataException: User Does not have Administrative privileges to get data from Server."

at com.rsa.cleartrust.weblogic.security.tools.sync.SyncDataStore.getAllSyncData(ILjava.lang.String;Ljava.lang.String;)Ljava.util.List;(Unknown Source)
 at com.rsa.cleartrust.weblogic.security.common.remote.ejb.RemoteUtilBean.getAllSyncData(ILjava.lang.String;Ljava.lang.String;)Ljava.util.List;(Unknown Source)
 at com.rsa.cleartrust.weblogic.security.common.remote.ejb.RemoteUtilBean_odk2i0_EOImpl.getAllSyncData(ILjava.lang.String;Ljava.lang.String;)Ljava.util.List;(RemoteUtilBean_odk2i0_EOImpl.java:148)
 at com.rsa.cleartrust.weblogic.security.common.remote.ejb.RemoteUtilBean_odk2i0_EOImpl_WLSkel.invoke(ILweblogic.rmi.spi.InboundRequest;Lweblogic.rmi.spi.OutboundResponse;Ljava.lang.Object;)weblogic.rmi.spi.OutboundResponse;(Unknown Source)
 at weblogic.rmi.internal.BasicServerRef.invoke(Lweblogic.rmi.internal.MethodDescriptor;Lweblogic.rmi.spi.InboundRequest;Lweblogic.rmi.spi.OutboundResponse;)V(BasicServerRef.java:441)
 at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(Lweblogic.rmi.internal.MethodDescriptor;Lweblogic.rmi.spi.InboundRequest;Lweblogic.rmi.spi.OutboundResponse;)V(ReplicaAwareServerRef.java:114)
 at weblogic.rmi.internal.BasicServerRef$1.run()Ljava.lang.Object;(BasicServerRef.java:382)
 at weblogic.security.service.SecurityServiceManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedExceptionAction;)java.lang.Object;(SecurityServiceManager.java:726)
 at weblogic.rmi.internal.BasicServerRef.handleRequest(Lweblogic.rmi.spi.InboundRequest;)V(BasicServerRef.java:377)
 at weblogic.rmi.internal.BasicExecuteRequest.execute(Lweblogic.kernel.ExecuteThread;)V(BasicExecuteRequest.java:30)
 at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:234)
 at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:210)
 at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
End  server side stack trace
Cause
The WebLogic administrator userID needs to exist in the ClearTrust datastore and needs to belong to a specifically named user group: <WebLogic Server Virtual Name>_Administrators. Where <WebLogic Server Virtual Name> is the value of the cleartrust_realm.properties parameter "cleartrust.agent.weblogic_server.name." This value is set during the WebLogic Agent configuration using the agentconfig.war application.
Resolution
To correct this issue, verify that the <WebLogic Server Virtual Name>_Administrators user group exists and the WebLogic administrator is a member of this group. 
 
Please note, this group name is case sensitive.  If the value of the cleartrust_realm.properties parameter "cleartrust.agent.weblogic_server.name" is "MyWebLogicServer," then the group name must be MyWebLogicServer_Administrators. 
Legacy Article IDa20292

Attachments

    Outcomes