|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
|Issue||Users are unable to import a software token via CT-KIP distribution. Users will most likely get the following error on their device : "Error communicating with server Token Import Failed"|
System Activity Monitor will likely show the following error:
Administrator "SYSTEM" attempted to execute command "com.rsa.authmgr.internal.ctkip.command.ProcessCTKIPClientRequestCommand"
with exception :
com.rsa.ims.components.ComponentFailureException: Unable to load bean named CTKIPServerService
Software token imports successfully via file based distribution and CTF distribution. The issue may appear in the environment where the data was migrated from AM 7.1
|Cause||Possibly because 7.1 system was promoted at some point which may have broke the CTkip key store. The fix is to reinstall the CT-kip key store.|
|Resolution||1. Take a backup from operations console. :)|
2. Access the database and run the command: [See below]
delete from rsa_rep.ims_config_value where name like '%ctkip.service.keystore%';
3. Locate your 8.1 License
4. Within the license.zip file there are two files - defaultRSAToolbar.cer and defaultRSAToolbar.key
5. Using WINSCP or similar tools, copy these two files to your temp directory on the primary appliance
6. cd /opt/rsa/am/utils
7. Run the command
./rsautil install-ctkip-keystore -l /tmp -k defaultRSAToolbar.key -c defaultRSAToolbar.cer -a <oc admin name> -w <oc admin password>
Try importing the token via CT-kip again.
How to access the database?
1. Get the database password.