000035110 - All RSA Identity Governance and Lifecycle collectors and connectors failing after restoring the database

Document created by RSA Customer Support Employee on May 9, 2017
Version 1

Article Content

Article Number: 000035110
Applies To
RSA Product Set: RSA Identity Governance and Lifecycle
RSA Version/Condition: 7.0.0, 7.0.1, 7.0.2
Issue
After restoring a copy of an RSA Identity Governance and Lifecycle database using the avdbimport command and restarting Access Certification Manager (ACM), all collectors and connectors fail and POP3 email does not work as expected.
Access Fulfillment Express (AFX) may also not work correctly (see article 000034797 - RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) failure on startup with the message "Error processing initialization response").
The aveksaServer.log file (/home/oracle/wildfly-8.2.0.Final/standalone/log/aveksaServer.log) shows the following errors:
 
04/27/2017 16:06:56.448 ERROR (default task-109) [com.aveksa.server.utils.PasswordTypePropertyHandler] Error in decryption method=ManagePasswordTypeProperties 
java.lang.IllegalStateException: An issue with handling encryption was encountered

 
04/27/2017 16:03:10.192 ERROR (ApprovalInboxProcessorServiceProvider) [com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread] Error Processing Email
javax.mail.MessagingException: Could not connect to message store for pop3s://iamtest@172.24.4.2:995;
  nested exception is:
javax.mail.AuthenticationFailedException: [AUTH] Authentication failed.
Cause

This issue may occur if:

  • An RSA Identity Governance and Lifecycle database version 7.0.0 or later is imported using avdbimport without also updating the encryption keys.
  • A database is imported using avdbimport into a different version or instance of RSA Identity Governance and Lifecycle.
  • A backup copy of the database is imported using avdbimport into the same instance of RSA Identity Governance and Lifecycle where an uninstall and a re-install has been performed.

Starting with RSA Identity Governance and Lifecycle, all passwords used within the product are encrypted for security purposes using an encryption key that is stored in the file F1M.key (/home/oracle/security/F1M.key). The keys in this file must match the exported data in order for RSA Identity Governance and Lifecycle to access any of the encrypted passwords. If a database import is done without restoring the corresponding encryption keystore, collectors, connectors, and any other aspects of the product that rely on saved passwords will fail.
Resolution
Recover the encryption key file F1M.key from the master key storage directory (/home/oracle/security/) as per the instructions on page 34 of the RSA Identity Governance and Lifecycle V7.0.1 Database Setup and Management Guide.
For AFX failures see the separate article RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) failure on startup with the message "Error processing initialization response."
Workaround
If a copy of the Encryption Key file is not available, then it is possible to update the passwords in all aspects of the product where they may have been encrypted by accessing the configuration pages, entering the password again, and saving the changes. Places where passwords are used include, but are not limited to, connectors, collectors, AFX truststore passphrase and email configuration.
Notes
  • Ensure that a backup copy of the encryption key file F1M.key from the master key storage directory is maintained for restoration purposes.  
  • Ensure a copy of this file is retained before any uninstall and re-install of the product. 
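
One way to act on these notes, as an added example that is not RSA tooling or part of the original article: keep a copy of F1M.key and its SHA-256 fingerprint beside each database dump, and compare the installed key against that fingerprint before restarting after an import. The function names, the backup directory layout and the F1M.key.sha256 sidecar file are assumptions; only the key path comes from the article.

```shell
#!/usr/bin/env bash
# Added example. Typical use on the appliance (backup directory is hypothetical):
#   backup_key /home/oracle/security/F1M.key /backups/dump-2017-04-27
#   verify_key /home/oracle/security/F1M.key /backups/dump-2017-04-27

# Print the SHA-256 fingerprint of a file (hash only, no file name).
key_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# Save the key and its fingerprint beside a database dump.
# Usage: backup_key <key-file> <backup-dir>
backup_key() {
    local key="$1" dir="$2"
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 2; }
    # Subshell umask keeps the directory and sidecar private to the owner;
    # install -m 600 sets the mode of the key copy explicitly.
    ( umask 077
      mkdir -p "$dir" &&
      install -m 600 "$key" "$dir/F1M.key" &&
      key_fingerprint "$key" > "$dir/F1M.key.sha256" ) || return 2
}

# Check that the installed key is the one saved with the dump being imported.
# Returns 0 on match, 1 on mismatch, 2 if the key or the sidecar is missing.
# Usage: verify_key <installed-key> <backup-dir>
verify_key() {
    local key="$1" dir="$2" want have
    [ -r "$key" ] && [ -r "$dir/F1M.key.sha256" ] || return 2
    want="$(cat "$dir/F1M.key.sha256")"
    have="$(key_fingerprint "$key")"
    if [ "$want" = "$have" ]; then
        echo "OK: installed key matches the key saved with this dump"
        return 0
    fi
    echo "MISMATCH: restore $dir/F1M.key before restarting; saved passwords will not decrypt" >&2
    return 1
}
```

A mismatch result here corresponds to the condition that produces the "Error in decryption" entries in aveksaServer.log after the import.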
