000012371 - Error 'Self Service Application is not configured properly' from DPM's self-service admin GUI

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012371
Applies ToRSA Data Protection Manager Appliance 3.5.x
IssueError "Self Service Application is not configured properly" from DPM's self-service admin GUI
/opt/tomcat/logs/catalina.out shows the following error:
Exception Occurred During Self Service Application Initialization.Possibly configuration file is not correct
sirrus.selfservice.common.exception.ClearTrustFatalError: COMMON_FAILED_ADMINAPI_CONNECTION
        at sirrus.selfservice.common.util.AdminAPIPool.initialize(AdminAPIPool.java:155)
        at sirrus.selfservice.common.listeners.SelfServiceContextListener.contextInitialized(SelfServiceContextListener.java:57)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4887)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5381)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1114)
        at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1672)
        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

selfserviceadmin password is not in sync on all appliances.
ORA-26786: A row with key ("ID") = (5) exists but has conflicting column(s) "PASSWORD" in table CT_OWNER.PASSWORD ORA-01403: no data found
ResolutionFind one appliance where the Self-Service Admin GUI still works (/axm-selfservice-gui). Bounce Tomcat (service tomcat restart) and make sure it is still available with no errors.
For this solution, Node1 refers to the node where the self-service admin GUI still works, and node2 is where the error occurs.
From node1, run the following:
su - oracle
sqlplus / as sysdba
SQL> set lines 250
SQL> select u.id, u.name, p.id, p.password from ct_owner.users u, ct_owner.password p where u.name='selfserviceadmin' and p.user_id = u.id;

    ID NAME                          ID PASSWORD
------ ------------------------- ------ ----------------------------------------------------------------------
     4 selfserviceadmin               5 {SSHA256}rvLvbeuSj4W5eF37dBSBOkrChZ9yagPypfHq3BYDZTQ7iT7dA2KArg==
From Node2, run the following by using the password value retrieved on Node1:
su - oracle
sqlplus / as sysdba
SQL> EXEC DBMS_STREAMS.SET_TAG(tag => HEXTORAW('17')); 
SQL> update ct_owner.password set password='{SSHA256}rvLvbeuSj4W5eF37dBSBOkrChZ9yagPypfHq3BYDZTQ7iT7dA2KArg==' where id=(select p.id from ct_owner.users u, ct_owner.password p where u.name='selfserviceadmin' and p.user_id = u.id);
SQL> commit;
From Node1, run the following:
grep -e ^com.rsa.axm.selfservice.adapi.user_id -e ^com.rsa.axm.selfservice.adapi.user_password /opt/tomcat/selfservice.conf
The output should be something like this:
com.rsa.axm.selfservice.adapi.user_id=avNZCTNKXRtDAkFdh8HheIOxXUM9gkSVX8lBx+gLXcM=
com.rsa.axm.selfservice.adapi.user_password=Xp9S0SDsydjvJrLQcdR+ThZmkFGMkXUK
On Node2, edit the file /opt/tomcat/selfservice.conf to modify the configuration parameters com.rsa.axm.selfservice.adapi.user_id and com.rsa.axm.selfservice.adapi.user_password so they match the values retrieved on Node1.
Restart Tomcat (service tomcat restart) on Node2. 
Hit the self-service URL and verify the error is gone.

This solution can also be followed to resolve the DB conflict ORA-26786 if the "selfserviceadmin" user password is different on each node.
Legacy Article IDa66042

Attachments

    Outcomes