000015487 - AM 7.1 sp4 full kit for RHEL 5 fails to complete installation at 100% with 'Configuration Failed'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015487
IssueAM 7.1 sp4 full kit for RHEL 5 fails to complete installation at 100% with "Configuration Failed"
Reference the following logs, noting $AMHOME is a flexible path that can be altered at the time of installation.
The default installation path is /usr/local/RSASecurity/RSAAuthenticationManager, adjust to your specific installationpath

The WebLogic admin server cannot start, as it cannot acquire the required port(7002).

 $AMHOME/config/config.out throws the following error.  
WLST-WLS-1342827478945: <Jul 20, 2012 4:39:19 PM PDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
WLST-WLS-1342827478945: <Jul 20, 2012 4:39:19 PM PDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
WLST-WLS-1342827478945: <Jul 20, 2012 4:39:19 PM PDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
WLST-WLS-1342827478945: <Jul 20, 2012 4:39:19 PM PDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
WLST-WLS-1342827478945: Stopped draining WLST-WLS-1342827478945
WLST-WLS-1342827478945: Stopped draining WLST-WLS-1342827478945
....................................................................................................................................................................Unable to start the server, startServer timed Out ...
Exception in thread "Main Thread" Traceback (innermost last):
File "<string>", line 1, in ?
File "<iostream>", line 1197, in startServer
WLSTException: 'Error occured while performing startServer : Could not start the server, the process might have timed out or there is an Error starting the server. Please refer to the log files for more details.'
Admin server start failed
Exiting...
Configuration failed
Exiting...
********************** End *********************
$AMHOME/config/config_trace.log reports another error starting the admin server:

20 Jul 16:37:55.742 INFO - Main Thread - config.ConfigEngine - Executing Command (ims)(appserver2): startAdmin: Starting admin server
20 Jul 16:37:55.742 INFO - Main Thread - config.ConfigEngine - Command Input Properties (startAdmin): {command=$I(rsa.install.location)/config/startAdmin$N(script.ext), commandArgs=$N(ims.weblogic.domain.admin.server.name) $N(ip) $N(ims.weblogic.domain.admin.port.nonssl) $R(ims.weblogic.domain.admin.user) $R(ims.weblogic.domain.admin.password) $N(ims.weblogic.domain.path) $I(rsa.install.location)}
20 Jul 16:37:55.743 INFO - Main Thread - config.ConfigEngine - Command Output Property Keys (startAdmin): {}
20 Jul 16:48:02.954 ERROR - Main Thread - config.ConfigUtil - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Failed to execute command
at com.rsa.installfwrk.common.command.ExecuteProcessCmd.execute(ExecuteProcessCmd.java:40)
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)


The installation progress bar reaches 100%, throws "Configuration Error" and terminates.
Cause
The WebLogic admin server cannot start, as it cannot acquire the required port(7002). The default iptables firewall has been altered to harden the system, preventing the primary NIC ip address and fqdn from binding to port 7002.
ResolutionAuthentication Manager 7.1sp4 has been tested with the RHEL default iptables firewall in place.  An iptables dump using iptables-save lists the default as follows:

# Generated by iptables-save v1.2.11 on Tue Jul 24 14:12:38 2012
*nat
:PREROUTING ACCEPT [293467:45981238]
:POSTROUTING ACCEPT [533283:32067427]
:OUTPUT ACCEPT [533283:32067427]
COMMIT
# Completed on Tue Jul 24 14:12:38 2012

In this instance, AM is unable to bind to port 7002.  Reference I&C guide starting on page 15 for a full list required ports that AM 7.1sp4 uses. These ports must be opened to both loopback (localhost), the primary ip address and fqdn for binding in order for the product to start and function properly.  Any system hardening must take the required AM ports into consideration. 

If you receive similar errors in your logs, uninstall AM, but before you attempt to reinstall, turn iptables off.  To do so, as root from the command line, execute:

     service iptables off

If the installation completes without error, revisit custom changes made to iptables referencing the I&C guide "Port Usage" table starting on page 15.  Regress any changes out that will impact the ability of AM 7.1 to bind to any of the listed ports.
Legacy Article IDa59239

Attachments

    Outcomes