|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0.0
Platform (Other): Virtual Appliance ASX
O/S Version: Other
Product Name: RSA-0010810
Product Description: RSA-0010810
|Issue||Admin performed in place upgrade to AM 8.1 and upgrade failed. When restored his AM 8.0 from snapshot, the service Administration server with Operations console fails to start.|
The below errors are found in /opt/rsa/am/server/logs/imsTrace.log file:
2015-07-11 12:12:46,598, [[ACTIVE] ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'], (EmailNotificationHandler.java:373), trace.com.rsa.ims.criticalnotification.impl.EmailNotificationHandler, FATAL, ssinvpapprsa01.ad.adsinternal.com,,,,Invalid refresh interval for ims.critical_notification.superadmin_email_refresh.interval java.lang.NullPointerException
com.rsa.ims.admin.dal.ldap.ConnectionException: Failed to connect to the identity source. Possible reasons include invalid user name or password, connection refusal, connection timeout, or failure to resolve hostname.
The Adminserver.log in /opt/rsa/am/server/logs/has below errors:
Caused by: weblogic.management.configuration.ConfigurationException: Identity certificate has expired:
####<Jul 27, 2015 12:03:06 AM SGT> <Critical> <WebLogicServer> <ssinvpapprsa01> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1437926586429> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
java.io.IOException: Identity certificate has expired: [
Serial Number: 513102055726445548798600
Caused by: java.security.cert.CertificateExpiredException: Checked date: Mon Jul 27 00:03:06 SGT 2015 is after Certificate notAfter date: Sat Jul 11 12:05:49 SGT 2015
|Cause||Customer replaced default certificates in Operations Console with his own certificates. The certificate which he imported into AM console has expired. This was the reason his upgrade failed and services do not start after restoring the snapshot.|
|Resolution||1. Log on to AM 8.x Primary via SSH.|
2. Reset the server to default self-signed certificates:
./rsautil reset-server-cert -u oc_admin_UserID -p oc_admin_password
3. Restart services on Primary.
./rsaserv restart all
Verify that you are ble to log onto Security Console and Operations Console
4. Log on to Replica via SSH.
5. Repeat the steps 2 and 3
6. Start RSA services
7. Verify that you are ble to log onto Security Console and Operations Console
8. On Primary server Operations Console, verify replication.
Please refer to am_administrators_guide.pdf page 169 for further details.