000023615 - How to manually deploy Federated Identity Manager (FIM) 2.5 / 2.6

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000023615

Applies To:
RSA Federated Identity Manager (FIM) 2.5
RSA Federated Identity Manager (FIM) 2.6
Microsoft Windows 2000 Server
Microsoft Windows 2003 Server
BEA WebLogic 8.1

Issue: The FIM installation didn't finish correctly and the managed server will not start, so manual deployment is needed.
The admin server starts fine (startadminserver.cmd), but when the managed server starts (startmanagedserver.cmd), it goes into "SUSPENDING" mode shortly after and will not start.

Cause: During the install of FIM, the server did not deploy correctly.

This problem has been reported to RSA Customer Support, but it has not been possible to replicate, so the root cause is not known.  The following steps may be used as a workaround should this problem be encountered.  You may wish to contact RSA Customer Support before using this procedure, in case we are able to identify the root cause from your current system.


A.       During deployment, the FIM server did not deploy correctly, meaning that no schema changes were made to the BEA server.  In this case, we will have to manually deploy FIM.


B.       Go to install_dir\rsaappserver\bin.


C.       Start the administration server (if not already started). Type:



D.       Change the BEA WebLogic Embedded LDAP password. To do this, open a web browser to:  http://localhost:7081/console.


Log in with "system" and the password you provided in step 7.


Note: Use the same port number that was used during FIM Server installation.



E.       When prompted to authenticate, enter system as the username, and your FIM installation password (this is the same password that was used during the install of FIM; write this down).


F.       Once in the BEA console, in the left panel, click csfdomain --> Security, and then click the Embedded LDAP tab in the right panel.


I.       In the Credential text box, enter a new password and confirm it. RSA Security recommends using the same password you used during FIM installation.



WARNING: Do not include the characters ! % ^ & ) = | ; " , < > in your LDAP password. A password containing these characters will not work, and you will still have problems starting the server.



J.   After entering the password, click Apply.


K.   Log off and close the web browser.


L.   Stop the administration server.


Type:  stopadminserver.cmd


M.   Restart the administration server.


Type:  startadminserver.cmd


N.   Open configuredatastore.cmd (with Notepad or WordPad).


Remove the comment symbols from the set command lines in the BEA WebLogic Embedded LDAP Directory section. Do not replace any values in the file.


The file will look like this when done editing:



@rem --------------------------------------------------------------------------
@rem ----- The following is an example for BEA Weblogic Embedded Directory ----
@rem --------------------------------------------------------------------------

@rem do not change the following values:

set LDAP_SERVER=x.x.x.x (your IP address)
set DN_ROOT="dc=csfdomain"
set RSA_BRANCH="ou=rsa"
set LDAP_ACCOUNT_DN="cn=Admin"

set TYPE=weblogic
set PORT=7081

set USER_BRANCH="ou=people,ou=myrealm"
set USER_OBJECTCLASS_ATTR=inetorgperson
set FIRSTNAME_ATTR=givenName

set CELL_ATTR=telephoneNumber
set ISSUSPENDED=nsaccountlock

set EMAIL_ATTR=mail

@rem --------------------------------------------------------------------------
@rem ---------------------- End of configuration settings ---------------------
@rem --------------------------------------------------------------------------






P.   Save and close the file.



Q.   Type the following. When prompted, provide the BEA WebLogic Embedded LDAP password you defined in step 6.





R.   Type:


datastoredeployer.cmd -d


Note: Ignore any messages you see that say the data store already exists.


S.   Type:


configtool DEPLOYDATA Weblogic


T.   Type:


configtool SETSAMLCONFIG properties/samlinitconfig.xml


U.   To add users to BEA WebLogic Embedded LDAP, type:

configtool ADDBEAUSER system_password userid user_password

where

-  system_password is the password you created when installing the FIM Server.

-  userid is the User ID of the user who will administer the FIM Server.

-  user_password is the user's BEA LDAP password.


NOTE:  If step U does not work (you get a message that you can't connect to the Admin server), you will have to go into the BEA console at http://localhost:7081/console and add the user manually under security --> users.


NOTE:  Make sure you do not use the following characters in the password:

! % ^ & ) = | ; " , < >


V.   Once added, click APPLY and exit the BEA Console. 



To add a FIM administrator to BEA WebLogic Embedded LDAP, type:


configtool ADDFULLADMIN userid 

(the userid is the same userid you created in STEP V.)



W.   Start the managed server. Type:



Legacy Article ID: a34698
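
A pre-flight check for the two points in this procedure that most easily go wrong: the password character restriction in the WARNING, and the configuredatastore.cmd edit in step N. This is an added example, not RSA's code; the function names and sample file are constructed for illustration, the expected values are copied from the file excerpt above, and treating `::` as a comment prefix is an assumption.

```python
import re

# Characters the article's WARNING says must not appear in the LDAP password.
FORBIDDEN = set('!%^&)=|;",<>')

# Values shown in the article's edited file; None means installation-specific.
EXPECTED = {
    "LDAP_SERVER": None, "DN_ROOT": '"dc=csfdomain"', "RSA_BRANCH": '"ou=rsa"',
    "LDAP_ACCOUNT_DN": '"cn=Admin"', "TYPE": "weblogic", "PORT": None,
    "USER_BRANCH": '"ou=people,ou=myrealm"',
    "USER_OBJECTCLASS_ATTR": "inetorgperson", "FIRSTNAME_ATTR": "givenName",
    "CELL_ATTR": "telephoneNumber", "ISSUSPENDED": "nsaccountlock",
    "EMAIL_ATTR": "mail",
}
SET_LINE = re.compile(r"^\s*(@?rem\s+|::\s*)?set\s+(\w+)=(.*)$", re.I)

def bad_password_chars(password):
    """Return the forbidden characters found in a candidate password."""
    return sorted(FORBIDDEN & set(password))

def check_datastore_config(text):
    """Return a list of problems found in configuredatastore.cmd content."""
    active, commented = {}, set()
    for m in filter(None, map(SET_LINE.match, text.splitlines())):
        rem, name, value = m.group(1), m.group(2).upper(), m.group(3).strip()
        if rem:
            commented.add(name)       # set line still behind a comment symbol
        else:
            active[name] = value      # set line that will actually execute
    problems = []
    for name, want in EXPECTED.items():
        if name not in active:
            why = "still commented out" if name in commented else "missing"
            problems.append(f"{name}: {why}")
        elif want is not None and active[name] != want:
            problems.append(f"{name}: expected {want}, found {active[name]}")
    return problems

# Constructed sample: a partly edited file, not taken from a real installation.
SAMPLE = """\
set LDAP_SERVER=192.0.2.10
set DN_ROOT="dc=example"
@rem set RSA_BRANCH="ou=rsa"
set TYPE=weblogic
"""

if __name__ == "__main__":
    print(bad_password_chars("Spring&2017!"), check_datastore_config(SAMPLE))
```

Run it against a copy of the edited file before step Q; an empty list means every set line from the excerpt is active and the fixed values are unchanged.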