000030474 - Unable to import a token via CTKIP : Unable to load bean named CTKIPServerService

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030474
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
IssueUsers are unable to import a software token via CT-KIP distribution. Users will most likely get the following error on their device : "Error communicating with server Token Import Failed"
System Activity Monitor will likely show the following error:
Administrator "SYSTEM" attempted to execute command "com.rsa.authmgr.internal.ctkip.command.ProcessCTKIPClientRequestCommand"
Activity Result Key: Failure

with exception :
com.rsa.ims.components.ComponentFailureException: Unable to load bean named CTKIPServerService

Software token imports successfully via file based distribution and CTF distribution. The issue may appear in the environment where the data was migrated from AM 7.1
CausePossibly because 7.1 system was promoted at some point which may have broke the CTkip key store. The fix is to reinstall the CT-kip key store.
Resolution1. Take a backup from operations console. :)
2. Access the database and run the command: [See below]
delete from rsa_rep.ims_config_value where name like '%ctkip.service.keystore%';
3. Locate your 8.1 License
4. Within the license.zip file there are two files - defaultRSAToolbar.cer and defaultRSAToolbar.key
5. Using WINSCP or similar tools, copy these two files to your temp directory on the primary appliance
cd /opt/rsa/am/utils
7. Run the command
./rsautil install-ctkip-keystore -l /tmp -k defaultRSAToolbar.key -c defaultRSAToolbar.cer -a <oc admin name> -w <oc admin password>
Try importing the token via CT-kip again.

How to access the database?

1. Get the database password.

cd /opt/rsa/am/utils 
./rsautil manage-secrets -a get com.rsa.db.dba.password

2. Access the database using the password you got from the previous command.

cd /opt/rsa/am/pgsql/bin
./psql -h localhost -p 7050 -d db -U rsa_dba