000016598 - 'Synchronize Jurisdiction' operation fails on Registration Manager with errors XrcNOTFOUND and XrcXUDAUNABLE if one of the jurisdictions previously approved for RRM was deleted on RCM

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000016598
Applies To: RSA Registration Manager 6.8
RSA Certificate Manager 6.8
RSA Registration Manager 6.9
RSA Certificate Manager 6.9
Issue: 'Synchronize Jurisdiction' operation fails on Registration Manager with errors XrcNOTFOUND and XrcXUDAUNABLE if one of the jurisdictions previously approved for RRM was deleted on RCM
'Synchronize Jurisdiction' operation (through System Operations workbench) on RSA Registration Manager fails with the following error:

domain-config-sync.xuda: Line 19820: [XrcNOTFOUND] unable to locate requested member or object.
LDAP_Query: [XrcXUDAUNABLE] unable to contact directory server.
LDAP_Replace failed! objectClass (xuda_domain_config), dn (id=xuda_domain_config.id, CN=domains, CN=config)
domain-config-sync.xuda: Line 20101: [XrcXUDAUNABLE] unable to contact directory server.
domain-config-sync.xuda: Line 20203: [XrcNOTFOUND] unable to locate requested member or object.
Cause: The Synchronize Jurisdiction operation fails on RRM because a jurisdiction object that has been deleted on the RCM side is still present in the RRM db.
Resolution: This issue applies to versions 6.8 build 522 as well as 6.9 build 554 (and previous builds). For the latest status on which version/build includes a fix for this issue, contact RSA Customer Support. In the meantime, the following steps can be taken to fix the problem:

1. Make a full backup of RRM before proceeding. (To do so, stop RRM services, make a backup of the full RRM install folder, then restart RRM services.)

2. Use a browser with the RRM admin cert to go to the following URL. The page should show a list of objectclasses in reverse alphabetical order:
     https://<RRM-hostname>:<RRM-admin-port>/ra/admin/listuclass.xuda

(Note: The tool listuclass.xuda should be used with extra care and exactly as instructed by RSA Customer Support. Any changes made to RCM/RRM db contents using listuclass may not be reversible, and restoring the RCM/RRM db from a backup might be the only option to recover.)

3. From the list of objectclasses, click on the "list" button against 'xuda_domain_config'. The next page will show a list of jurisdiction objects stored in the RRM db.

4. Identify the jurisdiction that was removed on the RCM side but still shows up on RRM as disabled and cannot be removed through the RRM admin interface. To do so, click on the "edit" button against each object and view the object details on the next page to confirm whether it is the jurisdiction you want (for example, look at the NAME attribute value for the jurisdiction name). You can click the browser's back button to go back to the list of jurisdiction objects and click on the "edit" button for the next jurisdiction object.

5. Once you have found the jurisdiction object (the one that was removed on RCM but still shows under disabled jurisdictions on RRM) and are on the page viewing its details, scroll to the end of the page. Click on the "DELETE Object" button to delete this jurisdiction object from the RRM db. Now close the browser window where you browsed to listuclass.xuda.

6. Go to RRM admin interface => System Configuration workbench => select 'Synchronize Jurisdictions' => click on the 'Synchronize' button. The jurisdictions should synchronize successfully.
Workaround: One of the jurisdictions previously approved for RSA Registration Manager (RRM), and disabled but not removed on RRM, was deleted on the RSA Certificate Manager (RCM) side.
Notes: REGMGR-328
Legacy Article ID: a61015
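
For triage, the error quoted under Issue can be matched mechanically before anyone opens listuclass.xuda. The following is an added example, not RSA code: it parses pasted error text (including the display wrapping that splits the file name) and checks for the combination shown in this article. The message shapes are assumptions inferred only from the quoted sample.

```python
import re

# Constructed sample: the error text quoted in this article, wrapped the way
# it appears there (note the file name split after a hyphen).
SAMPLE = """\
domain-config-sync.xuda: Line 19820: [XrcNOTFOUND] unable to locate
requested member or object. LDAP_Query: [XrcXUDAUNABLE] unable to contact
directory server. LDAP_Replace failed! objectClass (xuda_domain_config),
dn (id=xuda_domain_config.id, CN=domains, CN=config) domain-config-
sync.xuda: Line 20101: [XrcXUDAUNABLE] unable to contact directory server.
domain-config-sync.xuda: Line 20203: [XrcNOTFOUND] unable to locate
requested member or object.
"""

# Assumed message shapes, inferred only from the sample above:
#   <file>.xuda: Line <n>: [<code>] ...   and   LDAP_<op>: [<code>] ...
ENTRY = re.compile(
    r"(?:(?P<src>[\w.-]+\.xuda): Line (?P<line>\d+)|(?P<op>LDAP_\w+)): "
    r"\[(?P<code>Xrc\w+)\]")
FAILED = re.compile(r"(LDAP_\w+) failed! objectClass \((\w+)\)")

def unwrap(text):
    """Undo display wrapping so each message can be matched as one string."""
    text = re.sub(r"-[ \t]*\n[ \t]*", "-", text)  # rejoin names split after '-'
    return re.sub(r"\s+", " ", text).strip()

def parse(text):
    """Return ([(source, line_or_None, code), ...], (ldap_op, objectClass) or None)."""
    flat = unwrap(text)
    entries = [(m["src"] or m["op"], int(m["line"]) if m["line"] else None, m["code"])
               for m in ENTRY.finditer(flat)]
    failed = FAILED.search(flat)
    return entries, (failed.groups() if failed else None)

def matches_article_signature(text):
    """True when the sync script reports both codes and the failed write is
    LDAP_Replace on xuda_domain_config, as in the error quoted above."""
    entries, failed = parse(text)
    codes = {code for src, _, code in entries if src == "domain-config-sync.xuda"}
    return ({"XrcNOTFOUND", "XrcXUDAUNABLE"} <= codes
            and failed == ("LDAP_Replace", "xuda_domain_config"))

if __name__ == "__main__":
    for entry in parse(SAMPLE)[0]:
        print(entry)
    print("matches article 000016598:", matches_article_signature(SAMPLE))
```

A match only says the text has the same shape as the error in this article; confirming the stale jurisdiction object still requires the inspection in step 4.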
