000035123 - RSA Authentication Manager 8.X trusted realm sending authentication requests to removed replicas

Document created by RSA Customer Support Employee on May 15, 2017
Version 1

Article Content

Article Number: 000035123
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1 (8.1 SP1), 8.2, 8.2 SP1 (8.2.1)
Issue: In any version of RSA Authentication Manager 8.x with a trusted realm (also referred to as cross realm or XR) connection to a second Authentication Manager realm, there was a problem adding some replicas to the second realm, and those replicas had to be removed. However, the removed replicas remained cached in the first realm, so servers in the first realm occasionally sent authentication request look-ups to them. These trusted realm requests were never answered, so they failed.
The /opt/rsa/am/server/logs/imsTrace.log file shows the removed replica as unreachable on TCP port 7022:
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://replica3.company.com:7022: Destination unreachable; nested exception is: 
java.net.SocketTimeoutException: connect timed out; No available router to destination]
trace.com.rsa.command.RuntimeTrust, ERROR, Localreplica.company.con,,,,Walk Bad Url: t3s://remote_replica3.company.com:7022


 
Cause: The removed replicas are cached on the Authentication Manager servers in the following directories:
  • /opt/rsa/am/server/servers/AdminServer
  • /opt/rsa/am/server/servers/biztier
  • /opt/rsa/am/server/servers/console
These files need to be manually deleted so they can be re-created with the current replica configuration. 
 
Resolution: SSH to the primary or replica that is sending the incorrect trusted realm requests, then delete the cache and temp directories under the following directories:
  • /opt/rsa/am/server/servers/AdminServer
  • /opt/rsa/am/server/servers/biztier
  • /opt/rsa/am/server/servers/console
Steps are as follows:

The AdminServer directory


rsaadmin@am82p:/> cd /opt/rsa/am/server/servers/AdminServer
rsaadmin@am82p:/opt/rsa/am/server/servers/AdminServer> ls -l
total 20
drwx------ 3 rsaadmin rsaadmin 4096 Oct 20  2016 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
drwxr-xr-x 2 rsaadmin rsaadmin 4096 Jul 20  2016 security
drwx------ 5 rsaadmin rsaadmin 4096 Mar  7 17:27 tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/AdminServer> rm -r cache/*
rsaadmin@am82p:/opt/rsa/am/server/servers/AdminServer> rm -r tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/AdminServer> ls -l
total 16
drwx------ 2 rsaadmin rsaadmin 4096 May 15 12:06 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
drwxr-xr-x 2 rsaadmin rsaadmin 4096 Jul 20  2016 security
rsaadmin@am82p:/opt/rsa/am/server/servers/AdminServer>

 


The biztier directory


 


rsaadmin@am82p:/> cd /opt/rsa/am/server/servers/biztier
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier> ls -l
total 20
drwx------ 3 rsaadmin rsaadmin 4096 Oct 20  2016 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
drwx------ 5 rsaadmin rsaadmin 4096 Mar  7 17:27 tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier> rm -r cache/*
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier> rm -r tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier> ls -l
total 16
drwx------ 2 rsaadmin rsaadmin 4096 May 15 11:53 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier> ls -l cache
total 0
rsaadmin@am82p:/opt/rsa/am/server/servers/biztier>


The console directory


rsaadmin@am82p:/> cd /opt/rsa/am/server/servers/console
rsaadmin@am82p:/opt/rsa/am/server/servers/console> ls -l
total 20
drwx------ 3 rsaadmin rsaadmin 4096 Oct 20  2016 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
drwx------ 5 rsaadmin rsaadmin 4096 Mar  7 17:27 tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/console> rm -r cache/*
rsaadmin@am82p:/opt/rsa/am/server/servers/console> rm -r tmp
rsaadmin@am82p:/opt/rsa/am/server/servers/console> ls -l
total 16
drwx------ 2 rsaadmin rsaadmin 4096 May 15 12:21 cache
drwx------ 4 rsaadmin rsaadmin 4096 Jul 20  2016 data
drwx------ 3 rsaadmin rsaadmin 4096 Jul 20  2016 logs
rsaadmin@am82p:/opt/rsa/am/server/servers/console> ls -l cache
total 0
rsaadmin@am82p:/opt/rsa/am/server/servers/console>


Restart Authentication Manager services


Restart the Authentication Manager services:    
cd /opt/rsa/am/server
./rsaserv stop all
./rsaserv start all
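
The check and cleanup above as one script, an added example that is not RSA's code. The function names, the dry-run mode and the sample log lines are assumptions constructed for illustration; the directory names and log strings are taken from this article.

```shell
#!/bin/sh
# Added example (not RSA code): confirm which replicas are stale, then clear the caches.

# Count unreachable t3s endpoints in imsTrace.log files (or stdin): "count host:port".
stale_replicas() {
    grep -hE 'Destination unreachable|Walk Bad Url' "$@" |
        sed -n 's|.*t3s://\([A-Za-z0-9._-]*:[0-9][0-9]*\).*|\1|p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# Clear cache/* and tmp under the three server directories named in the article.
# $1 = servers base dir (/opt/rsa/am/server/servers on the appliance)
# $2 = "apply" to delete; anything else only reports what would be removed.
clear_am_caches() {
    base=$1; mode=${2:-dry-run}
    [ -n "$base" ] && [ -d "$base" ] || { echo "no such base dir: $base" >&2; return 1; }
    for srv in AdminServer biztier console; do
        dir="$base/$srv"
        if [ ! -d "$dir/cache" ]; then
            echo "skip $dir: no cache directory" >&2
        elif [ "$mode" = apply ]; then
            # Same deletions as the manual steps: cache contents and the tmp directory.
            rm -rf -- "$dir"/cache/* "$dir/tmp"
            echo "cleared $dir"
        else
            echo "would clear $dir/cache/* and remove $dir/tmp"
        fi
    done
}

# Constructed sample lines modelled on the imsTrace.log excerpt in this article.
sample_log() {
    cat <<'EOF'
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://replica3.company.com:7022: Destination unreachable; nested exception is:
trace.com.rsa.command.RuntimeTrust, ERROR, primary.company.com,,,,Walk Bad Url: t3s://replica3.company.com:7022
trace.com.rsa.command.RuntimeTrust, ERROR, primary.company.com,,,,Walk Bad Url: t3s://replica4.company.com:7022
constructed unrelated line that mentions t3s://replica1.company.com:7022
EOF
}

# Demo on the constructed sample only; nothing is deleted here.
sample_log | stale_replicas
```

Run `stale_replicas` against the real imsTrace.log before and after the restart to confirm that the removed replicas no longer appear. The empty-argument guard in `clear_am_caches` keeps an unset variable from turning the delete into a path under `/`.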
