000029037 - Cannot access RSA Authentication Manager 7.1 Security Console after restoring the database due to an error "Error: failed to decrypt data" in server.log

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support on Feb 1, 2018
Version 3

Article Content

Article Number: 000029037
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4
Platform: Windows
Issue: The Authentication Manager database was migrated from a server running 7.1 SP4 patch 12 to another machine running 7.1 SP4 patch 12. The migration completed with some errors.
After the migration, the administrator cannot access the Security Console. The <server name>_server.log file shows the error:

Invocation of init method failed; nested exception is java.lang.Error: failed to decrypt data

Error creating bean with name 'KeyManager' defined in URL 
[zip:C:/Program Files/RSA Security/RSA Authentication Manager/server/servers/thorrsa_server/tmp/_WL_user/am-app/fyoaey/APP-INF/lib/ims-server-o.jar!/ims-components.xml]: 
Invocation of init method failed; 

nested exception is 
java.lang.Error: failed to decrypt data

com.rsa.ims.security.crypto.CryptoException: Configuration error, cannot find decryption key with ID=1d3b380b0300a8c0004177bc4e5162d0
      at com.rsa.ims.security.utils.DatabaseCryptoKey.<init>(DatabaseCryptoKey.java:244)
      at com.rsa.ims.security.keymanager.dal.sql.KeyManagerDAL.decrypt(KeyManagerDAL.java:739)
Cause: New additional encryption keys were introduced after Authentication Manager 7.1 patch 8. The keys in the systemfields.properties file and the keys in the database do not match. This issue was reported in defect AM-22253.
Resolution: This issue was corrected in Authentication Manager 7.1 SP4 patch 18.
  1. Install Authentication Manager 7.1 SP4. The database will restore without any errors.
  2. Install the most recent patch on the Authentication Manager 7.1 SP4 server.
  3. Launch the Security Console. It will now work as expected.
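
To check whether a console failure after a restore matches this article, the following added example (not RSA code) scans a server log for the signatures quoted above and reports which decryption key IDs the server could not find. The function name and the sample log lines are constructed for illustration; the script only reads the log and does not inspect systemfields.properties or the database.

```python
import re

# Signatures taken from the log excerpt quoted in this article.
MISSING_KEY = re.compile(
    r"CryptoException: .*cannot find decryption key with ID=([0-9a-fA-F]+)")
BEAN_ERROR = re.compile(r"Error creating bean with name '([^']+)'")
DECRYPT_FAIL = "failed to decrypt data"

# Constructed sample, modelled on the excerpt above (path shortened).
SAMPLE_LOG = """\
Error creating bean with name 'KeyManager' defined in URL [zip:<path>/ims-components.xml]: Invocation of init method failed; nested exception is java.lang.Error: failed to decrypt data
java.lang.Error: failed to decrypt data
com.rsa.ims.security.crypto.CryptoException: Configuration error, cannot find decryption key with ID=1d3b380b0300a8c0004177bc4e5162d0
      at com.rsa.ims.security.utils.DatabaseCryptoKey.<init>(DatabaseCryptoKey.java:244)
com.rsa.ims.security.crypto.CryptoException: Configuration error, cannot find decryption key with ID=1d3b380b0300a8c0004177bc4e5162d0
""".splitlines()


def triage_server_log(lines):
    """Summarise key-mismatch symptoms found in <server name>_server.log lines."""
    first_seen = {}        # missing key ID -> first line number it appears on
    failed_beans = []      # beans whose creation failed, in order, de-duplicated
    decrypt_failures = 0   # lines carrying the generic decrypt error
    for number, line in enumerate(lines, 1):
        key = MISSING_KEY.search(line)
        if key:
            first_seen.setdefault(key.group(1).lower(), number)
        bean = BEAN_ERROR.search(line)
        if bean and bean.group(1) not in failed_beans:
            failed_beans.append(bean.group(1))
        if DECRYPT_FAIL in line:
            decrypt_failures += 1
    return {
        "missing_key_ids": list(first_seen),
        "first_seen_line": first_seen,
        "failed_beans": failed_beans,
        "decrypt_failures": decrypt_failures,
        # Both the generic error and a named missing key must be present.
        "key_mismatch": bool(first_seen) and decrypt_failures > 0,
    }


if __name__ == "__main__":
    for field, value in triage_server_log(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```
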