000011651 - AM 7.1.X & APP 3.0.X: Radius configure fails with: ERROR - Failed configuration command execution

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011651
Applies ToSecurID Appliance 3.0.X
AM 7.1.X
IssueAM 7.1.X & APP 3.0.X: Radius configure fails with: ERROR - Failed configuration command execution
When trying to configure radius server in a replicated environment, the error message "replication secret is invalid" is thrown
When looking at the $RSAHOME/install/logs/config/configureRADIUSTrace.log you will find the following exception thrown, which is very misleading:

11 Nov 14:12:10.948 INFO - Command Output Property Keys (registerRadiusWithAM): {}
11 Nov 14:12:19.207 ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
    at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
    at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
    at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
    ... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'sydb1ssec5.anzsa.fdi.1dc.com' not found.
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.registerRadiusServer(RegisterRadiusServerAdministrationImpl.java:190)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand$Executive.execute(RegisterRadiusServerCommand.java:207)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.performExecute(RegisterRadiusServerCommand.java:106)
    at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:84)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.access$201(LocalTransactionalCommandTarget.java:46)
    at com.rsa.ims.command.LocalTransactionalCommandTarget$1.doInTransaction(LocalTransactionalCommandTarget.java:208)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:201)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:543)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:520)
    at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
    at com.rsa.security.SecurityContext.doAs(SecurityContext.java:400)
    at com.rsa.command.CommandServerEngine.execute(CommandServerEngine.java:307)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:250)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:161)
    at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:174)
    at com.rsa.command.CommandServerBean.executeFrameworkManagedTx(CommandServerBean.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl.executeFrameworkManagedTx(CommandServer_qt4u4w_EOImpl.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
    at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
    at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
11 Nov 14:12:19.208 ERROR - Configuration Failed
com.rsa.installfwrk.config.exception.ConfigurationException: Configuration Failed
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:38)
Caused by: com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
    at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
    at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
    at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
    ... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'sydb1ssec5.anzsa.fdi.1dc.com' not found.
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.registerRadiusServer(RegisterRadiusServerAdministrationImpl.java:190)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand$Executive.execute(RegisterRadiusServerCommand.java:207)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.performExecute(RegisterRadiusServerCommand.java:106)
    at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:84)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.access$201(LocalTransactionalCommandTarget.java:46)
    at com.rsa.ims.command.LocalTransactionalCommandTarget$1.doInTransaction(LocalTransactionalCommandTarget.java:208)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:201)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:543)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:520)
    at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
    at com.rsa.security.SecurityContext.doAs(SecurityContext.java:400)
    at com.rsa.command.CommandServerEngine.execute(CommandServerEngine.java:307)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:250)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:161)
    at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:174)
    at com.rsa.command.CommandServerBean.executeFrameworkManagedTx(CommandServerBean.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl.executeFrameworkManagedTx(CommandServer_qt4u4w_EOImpl.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
    at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
    at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
And further down in the configureRadiusTrace.log:

11 Nov 14:51:50.245 ERROR - Failed configuration command execution
com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
    at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
    at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
    at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
    ... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'sydb1ssec5.anzsa.fdi.1dc.com' not found.
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.registerRadiusServer(RegisterRadiusServerAdministrationImpl.java:190)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand$Executive.execute(RegisterRadiusServerCommand.java:207)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.performExecute(RegisterRadiusServerCommand.java:106)
    at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:84)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.access$201(LocalTransactionalCommandTarget.java:46)
    at com.rsa.ims.command.LocalTransactionalCommandTarget$1.doInTransaction(LocalTransactionalCommandTarget.java:208)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:201)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:543)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:520)
    at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
    at com.rsa.security.SecurityContext.doAs(SecurityContext.java:400)
    at com.rsa.command.CommandServerEngine.execute(CommandServerEngine.java:307)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:250)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:161)
    at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:174)
    at com.rsa.command.CommandServerBean.executeFrameworkManagedTx(CommandServerBean.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl.executeFrameworkManagedTx(CommandServer_qt4u4w_EOImpl.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
    at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
    at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
11 Nov 14:51:50.246 ERROR - Configuration Failed
com.rsa.installfwrk.config.exception.ConfigurationException: Configuration Failed
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:38)
Caused by: com.rsa.installfwrk.config.exception.ConfigurationException: Failed configuration command execution
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:223)
    at com.rsa.installfwrk.config.ConfigUtil.runConfig(ConfigUtil.java:53)
    at com.rsa.installfwrk.config.ConfigUtil.main(ConfigUtil.java:35)
Caused by: com.rsa.installfwrk.common.command.exception.CommandException: Error Running RADIUS Registration Command
    at com.rsa.installfwrk.thirdparty.radius.config.command.RegisterRadiusServerCmd.executeRemoteCommands(RegisterRadiusServerCmd.java:35)
    at com.rsa.installfwrk.common.command.RemoteCommandBase.execute(RemoteCommandBase.java:49)
    at com.rsa.installfwrk.config.ConfigEngine.execute(ConfigEngine.java:185)
    ... 2 more
Caused by: com.rsa.authmgr.radius.exception.RadiusSystemException: Replication server 'sydb1ssec5.anzsa.fdi.1dc.com' not found.
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.enableRADIUSServerReplication(RegisterRadiusServerAdministrationImpl.java:327)
    at com.rsa.authmgr.internal.admin.radius.impl.RegisterRadiusServerAdministrationImpl.registerRadiusServer(RegisterRadiusServerAdministrationImpl.java:190)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand$Executive.execute(RegisterRadiusServerCommand.java:207)
    at com.rsa.authmgr.admin.radius.RegisterRadiusServerCommand.performExecute(RegisterRadiusServerCommand.java:106)
    at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:84)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.access$201(LocalTransactionalCommandTarget.java:46)
    at com.rsa.ims.command.LocalTransactionalCommandTarget$1.doInTransaction(LocalTransactionalCommandTarget.java:208)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
    at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:201)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:543)
    at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:520)
    at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
    at com.rsa.security.SecurityContext.doAs(SecurityContext.java:400)
    at com.rsa.command.CommandServerEngine.execute(CommandServerEngine.java:307)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:250)
    at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:161)
    at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:174)
    at com.rsa.command.CommandServerBean.executeFrameworkManagedTx(CommandServerBean.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl.executeFrameworkManagedTx(CommandServer_qt4u4w_EOImpl.java:136)
    at com.rsa.command.CommandServer_qt4u4w_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:224)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
    at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
    at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
CauseWhile the error indicates there is a shared secret or other password/secret related fault, the issue really is that it cannot be passed between servers because port 1812 over TCP is not opened between the two machines
ResolutionInsure both UDP and TCP ports for 1812 are opened between the primary and replica instance.  Once these ports are opened, run the configuration again and this will correct the problem.
Legacy Article IDa52944

Attachments

    Outcomes