000011970 - RSA Authentication Manager 7.1.4 RADIUS configuration fails on promoted primary server

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000011970
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager 
RSA Version/Condition: 3.0, 7.1
IssueRADIUS configuration fails on a promoted Authentication Manager primary with the following exception in the RSA_HOME/install\logs/config/configureRadiusTrace.log:
28 Jan 14:13:57.487 ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
... 2 more
Caused by: com.rsa.command.exception.InvalidArgumentException: Can't add a second Primary RADIUS Server
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:217)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:338)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:252)
at com.rsa.command.CommandServer_qt4u4w_EOImpl_1000_WLStub.executeFrameworkManagedTx(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:229)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:178)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:150)
at com.rsa.command.ConnectionFactory$AuthenticatedTarget$1.run(ConnectionFactory.java:577)
at com.rsa.command.ConnectionFactory$AuthenticatedTarget$1.run(ConnectionFactory.java:575)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:114)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:429)
at com.rsa.command.ConnectionFactory$AuthenticatedTarget.executeCommand(ConnectionFactory.java:582)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:229)
at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.execute(RegisterRadiusServerCommand.java:99)
at com.rsa.command.ConnectionFactory$ConnectionImpl.executeCommand(ConnectionFactory.java:812)
at com.rsa.tools.common.IMSCommandProxy.executeCommand(IMSCommandProxy.java:166)
at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.registerRadiusServer(RegisterRadiusServerCmd.java:82)
at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:33)
... 4 more
CauseThe old primary RADIUS server still exists in the deployment as a primary RADIUS server.
ResolutionTo resolve the issue, an administrator with the correct privilege must delete the old primary RADIUS server.
  1. Logon to the RSA Operations Console of the promoted primary and navigate to Deployment Configuration > RADIUS > Manage Existing.
  2. Delete the old primary RADIUS server.
  3. Navigate back to Deployment Configuration > RADIUS > Configure Server.
  4. Complete the steps to configure RADIUS with the new server information and click Save.
NotesThis problem can also happen if you restore a backup to a new server with a different IPaddress and/or ostname. The error will be the same in the configureRADIUSTrace.log file. The steps to resolve this issue can be found in the article entitled RADIUS configuration fails after a backup is restored to a new server with a different IP/Hostname.
Legacy Article IDa57199

Attachments

    Outcomes