000029966 - Cannot add alternative IP address in AM 8.1 SP1 after installing patch 2

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029966
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform: VMware
Platform (Other): null
O/S Version: ESXi 5.0
Product Name: AM 8.1
Product Description: AM 8.1 SP1 Patch2
IssueAM 8.1 SP1 patch 2 does not allow to add alternative IP address with a valid IP after installing SP1 patch 2. This works as expected in AM 8.1 SP1.
Add an agent host, with a hostname and IP-address in AM 8.1 SP1 patch 2. Add an alternate IP-address and save it. Go back into it Agent host record and you will notice that the alternative IP is changed to 127.0.0.1 automatically.
CauseInstallation patch 2 causes this issue. This works as expected in AM 8.1 SP1 patch 1.
ResolutionThis issue is reported in defect AM-29081 and it is resolved in Patch 3 for AM 8.1 SP1.
Workaround

A valid IP address can be inserted into a record of Agent host using SQL command. 
1.     Obtain the password for rsa_dba user:
#cd /opt/rsa/am/utils
 ./rsautil manage-secrets -a get com.rsa.db.dba.password
  Please enter OC Administrator username: admin 
  Please enter OC Administrator password: ********
  com.rsa.db.dba.password: fPzg9Z9FRSMNkLXCSX22S2L0hhdikV    [Copy this password to notepad]
2. cd /opt/rsa/am/pgsql/bin
3. Connect to psql:
            ./psql -p 7050 -h localhost -d db -U rsa_dba
            Password for user rsa_dba: <type the password from step 1>
4. Run below command:
update am_agent_alternate set ip_addr = 'xxx.xxx.xxx.xxx' where agent_id in (select id from am_agent where host_id in (select id from am_host where name = 'host_name'));
xxx.xxx.xxx.xxx: Alternate IP address of the agent.
host_name = FQDN of host
Note: If you click on save button in the Authentication Agent host record, then again the alternate IP address will be saved back to 127.0.0.1 and the above query needs to be run again. As long as one does not edit the agent host record, the above inserted value stays in the database.


5. If the customer would like to add another IP address for the same agent then they need to use the same id that they have received from SQL Statement a and can execute the following insert query:
a. select id from am_agent where host_id in (select id from am_host where name = 'host_name'); 
b. insert into am_agent_alternate (agent_id, ip_addr) values ('id_that_is_received_from_the_previous_select_statement (i.e. the return value of SQL statement a)', 'yyy.yyy.yyy.yyy');
         Note: yyy.yyy.yyy.yyy: Another alternate IP address of the agent.
6. List all agent hosts with alternative IP addresses 
    select name from am_host where id in (select host_id from am_agent where id in (select distinct agent_id from am_agent_alternate));
7. Deleting an incorrect IP address:
    Example:
    delete from am_agent_alternate where ip_addr = '127.0.0.1';

Attachments

    Outcomes