000030825 - RSA Administration server with Operations Console fails to start in AM 8.0

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030825
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0.0
Platform: Other
Platform (Other): Virtual Appliance ASX
O/S Version: Other
Product Name: RSA-0010810
Product Description: RSA-0010810
IssueAdmin performed in place upgrade to AM 8.1 and upgrade failed. When restored his AM 8.0 from snapshot, the service Administration server with Operations console fails to start.
The below errors are found in /opt/rsa/am/server/logs/imsTrace.log file:
2015-07-11 12:12:46,598, [[ACTIVE] ExecuteThread: '13' for queue: 'weblogic.kernel.Default (self-tuning)'], (EmailNotificationHandler.java:373), trace.com.rsa.ims.criticalnotification.impl.EmailNotificationHandler, FATAL, ssinvpapprsa01.ad.adsinternal.com,,,,Invalid refresh interval for ims.critical_notification.superadmin_email_refresh.interval java.lang.NullPointerException 
com.rsa.ims.admin.dal.ldap.ConnectionException: Failed to connect to the identity source. Possible reasons include invalid user name or password, connection refusal, connection timeout, or failure to resolve hostname. 
The Adminserver.log in /opt/rsa/am/server/logs/has below errors: 
Caused by: weblogic.management.configuration.ConfigurationException: Identity certificate has expired: 
####<Jul 27, 2015 12:03:06 AM SGT> <Critical> <WebLogicServer> <ssinvpapprsa01> <AdminServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1437926586429> <BEA-000362> <Server failed. Reason: 
There are 1 nested errors:
java.io.IOException: Identity certificate has expired: [
  Version: V3
  Serial Number: 513102055726445548798600
Caused by: java.security.cert.CertificateExpiredException: Checked date: Mon Jul 27 00:03:06 SGT 2015 is after Certificate notAfter date: Sat Jul 11 12:05:49 SGT 2015 
CauseCustomer replaced default certificates in Operations Console with his own certificates. The certificate which he imported into AM console has expired. This was the reason his upgrade failed and services do not start after restoring the snapshot.
Resolution1. Log on to AM 8.x Primary via SSH.
2. Reset the server to default self-signed certificates: 
    $cd /opt/rsa/am/utils
   ./rsautil reset-server-cert -u oc_admin_UserID -p oc_admin_password 
3. Restart services on Primary. 
    $cd /opt/rsa/am/server
    ./rsaserv restart all
    Verify that you are ble to log onto Security Console and Operations Console
4. Log on to Replica via SSH. 
5. Repeat the steps 2 and 3
6. Start RSA services 
7. Verify that you are ble to log onto Security Console and Operations Console
8. On Primary server Operations Console, verify replication. 
Please refer to am_administrators_guide.pdf page 169 for further details.