000029739 - When starting RSA Identity Management and Governance, unable to initialize security model. com.aveksa.server.core.DuplicateNameException: Aveksa ADC

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Feb 1, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029739
Applies ToRSA Product Set: Identity Governance and Lifecycle
RSA Product/Service Type: 
RSA Version/Condition: 6.5, 6.8.1, 6.9
IssueRSA Identity Management and Governance is unable to start and the following error occurs:
 
Unable to initialize security model. com.aveksa.server.core.DuplicateNameException: Aveksa ADC 
The aveksa security application must be initialized first by the System Operations Node(SON). 
See documentation regarding server nodes and deployment.
CauseThe SON error is not the issue here. The issue is the message about the DuplicateNameException: Aveksa ADC. This error indicates that upon startup, the startup is attempting to create an Aveksa Account Data Collector (ADC), but one already exists. How can this happen?

In later versions of Aveksa (IMG) there is a new application called Aveksa with associated collectors called Aveksa Account Data Collector and Aveksa Entitlement Data Collectors (EDC). These are for the security model and should not be changed. However, these three items (application, ADC and EDC) are modifiable and if modified in any way, IMG will not start up. The ability to modify these items is removed in 6.9.1.

Here is what happens:
  1. The Aveksa application is defined by default and has an Aveksa ADC and EDC.
  2. Every time Aveksa starts, it checks to see if an Aveksa application exists which it normally does unless the application has been renamed.
  3. If the application has been renamed then it does not exist. Upon startup, IMG will create a new application called Aveksa and will also try to create the associated ADC and EDC for this application. It they already exist, the duplicate name error is thrown and startup fails.
Resolution
  • Do not rename the Aveksa application.
  • Starting in 6.9.1, the name of the Aveksa application cannot be changed.
WorkaroundBefore beginning the steps below, backup the system. The preferred method of backup is the command line backup so it should not matter if the UI is unavailable.
  1. Delete the newly created Aveksa application that was created from the restart because it no longer existed because it was renamed from the following two tables: 


SQL> DELETE FROM t_applications_versions WHERE application_id=(SELECT id FROM t_applications WHERE name='Aveksa'); 
SQL> DELETE FROM t_applications WHERE name='Aveksa';


  1. Rename the initially defined application of Aveksa that was changed to something else back to Aveksa. To do this, find the Aveksa ADC in t_data_collectors and see what application to which it is mapped by using t_av_account_data_collectors. 


SQL> UPDATE t_applications SET name='Aveksa' WHERE id=(
SELECT ta.id
FROM t_av_account_data_collectors taadc, t_data_collectors tdc, t_applications ta
WHERE taadc.id=tdc.id AND
taadc.resource_id=ta.id AND
tdc.name='Aveksa ADC');


SQL> UPDATE t_applications set alt_name='Aveksa' WHERE id=(
SELECT ta.id
FROM t_av_account_data_collectors taadc, t_data_collectors tdc, t_applications ta
WHERE taadc.id=tdc.id and
taadc.resource_id=ta.id and
tdc.name='Aveksa ADC');

SQL> COMMIT;
$ acm restart

Attachments

    Outcomes