000029037 - Cannot access Security Console in AM 7.1 after restoring the database due to an error  "Error: failed to decrypt data" in server.log

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029037
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1 SP4
Platform: Windows
O/S Version: 2003 Server x64
Product Name: RSA-0010010
Product Description: RSA Authentication Manager
IssueCustomer migrated the database from AM 7.1 SP4 patch 12 to another machine running AM 7.1 SP4 patch 12. Migration is completed with some errors.
After the migration, administrator cannot access Security Console. The server name_server.log file has error: "Invocation of init method failed; nested exception is java.lang.Error: failed to decrypt data".
org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'KeyManager' defined in URL 
[zip:C:/Program Files/RSA Security/RSA Authentication Manager/server/servers/thorrsa_server/tmp/_WL_user/am-app/fyoaey/APP-INF/lib/ims-server-o.jar!/ims-components.xml]: 
nvocation of init method failed; 
nested exception is 
java.lang.Error: failed to decrypt data
...
com.rsa.ims.security.crypto.CryptoException: Configuration error, cannot find decryption key with ID=1d3b380b0300a8c0004177bc4e5162d0
      at com.rsa.ims.security.utils.DatabaseCryptoKey.<init>(DatabaseCryptoKey.java:244)
      at com.rsa.ims.security.keymanager.dal.sql.KeyManagerDAL.decrypt(KeyManagerDAL.java:739)
CauseThere are new additional encryption keys were introduced after patch 8 in AM 7.1. The keys in systemfields.properties file and the keys in the database do not match. This issue was reported in defect AM-22253.
ResolutionThis issue was corrected in patch 18 for AM 7.1 SP4. 
WorkaroundInstall AM 7.1 SP4. Database will restore without any errors.Then install the most recent patch on AM 7.1 SP4 server.
Security Console will work as expected.

Attachments

    Outcomes