000035313 - RSA Authentication Manager 8.x backups fail to a Windows Share where SMBv1 is disabled

Document created by RSA Customer Support Employee on Jul 13, 2017Last modified by RSA Customer Support Employee on Aug 14, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000035313
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueRSA Authentication Manager 8.x backups fail with the following message:

An error occurred while backing up the system: Failed to validate the remote share location. Please check that your remote connection is accessible, writable, and has sufficient space, and back up your system again.
 

The /opt/rsa/am/server/logs/ops-console.log reports: 
 

@@@2017-06-26 11:52:22,579 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down 
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:23,098 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:23,099 ERROR [CreateBackup] GUILog.traceException(587) | exception:
java.io.IOException: Remote file access error: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.runCommand(RemoteFileShare.java:129)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.retryCommand(RemoteFileShare.java:155)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mountCIFS(CIFSFileShare.java:161)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mount(CIFSFileShare.java:98)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.testRemoteLocation(CIFSFileShare.java:228)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:42)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
@@@2017-06-26 11:52:23,117 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:23,637 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:23,637 ERROR [CreateBackup] GUILog.traceException(587) | exception:
java.io.IOException: Remote file access error: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.runCommand(RemoteFileShare.java:129)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.retryCommand(RemoteFileShare.java:155)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mountCIFS(CIFSFileShare.java:161)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mount(CIFSFileShare.java:107)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.testRemoteLocation(CIFSFileShare.java:228)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:42)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
.IOException: Remote file access error: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) java.io@@@2017-06-26 11:52:23,656 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:24,175 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
@@@2017-06-26 11:52:24,176 ERROR [CreateBackup] GUILog.traceException(587) | exception:
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.runCommand(RemoteFileShare.java:129)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.retryCommand(RemoteFileShare.java:155)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mountCIFS(CIFSFileShare.java:161)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mount(CIFSFileShare.java:115)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.testRemoteLocation(CIFSFileShare.java:228)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:42)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
@@@2017-06-26 11:52:24,176 FATAL [CreateBackup] GUILog.traceMessage(794) | Failed to mount CIFS drive
@@@2017-06-26 11:52:24,177 ERROR [CreateBackup] GUILog.traceException(587) | exception:
java.io.IOException: Failed to mount CIFS drive: Remote file access error: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.mount(CIFSFileShare.java:121)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.testRemoteLocation(CIFSFileShare.java:228)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:42)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
@@@2017-06-26 11:52:24,193 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: umount: /opt/rsa/am/backup/remote--281843427: not mounted
@@@2017-06-26 11:52:24,711 FATAL [CreateBackup] GUILog.traceMessage(794) | Command failed: umount: /opt/rsa/am/backup/remote--281843427: not mounted
@@@2017-06-26 11:52:24,712 ERROR [CreateBackup] GUILog.traceException(587) | exception:
java.io.IOException: Remote file access error: umount: /opt/rsa/am/backup/remote--281843427: not mounted
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.runCommand(RemoteFileShare.java:129)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShare.retryCommand(RemoteFileShare.java:155)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.unmount(CIFSFileShare.java:174)
     at com.rsa.ims.operationsconsole.admin.fileshare.impl.CIFSFileShare.testRemoteLocation(CIFSFileShare.java:249)
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:42)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
@@@2017-06-26 11:52:24,712 ERROR [CreateBackup] GUILog.traceException(587) | exception:
java.io.IOException: Validation error: Failed to connect to the remote location
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:68)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
@@@2017-06-26 11:52:24,922 ERROR [CreateBackup] GUILog.traceException(587) | exception:
com.rsa.ims.operationsconsole.admin.taskmgr.TaskExecutionException: Failed to validate the remote backup location.
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:73)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$FastClassBySpringCGLIB$$bfa37c86.invoke(<generated>)
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
     at org.springframework.aop.aspectj.AspectJAfterThrowingAdvice.invoke(AspectJAfterThrowingAdvice.java:55)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask$$EnhancerBySpringCGLIB$$dbd57051.execute(<generated>)
     at com.rsa.ims.operationsconsole.admin.taskmgr.TaskManager.executeTasks(TaskManager.java:42)
     at com.rsa.ims.operationsconsole.admin.impl.OCManageBackupImpl$1CreateBackupThread.run(OCManageBackupImpl.java:149)
     at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Validation error: Failed to connect to the remote location
     at com.rsa.ims.operationsconsole.admin.fileshare.RemoteFileShareUtil.performValidation(RemoteFileShareUtil.java:68)
     at com.rsa.ims.operationsconsole.admin.backup.tasks.ValidateRemoteLocationTask.execute(ValidateRemoteLocationTask.java:65)
... 13 more
CauseRSA Authentication Manager 8.x software uses SMBv1 for Windows share connectivity.
ResolutionThe current release of RSA Authentication Manager 8.2 Service Pack 1 Patch 3 is hosted by SUSE Enterprise 11 Service Pack 4 which has no capability to support SMBv2; however SUSE Enterprise 12 does support SMBv2.
SUSE Enterprise 12 is on the SecurID product roadmap for RSA Authentication Manager, however there is no timetable as to when RSA Authentication Manager software will be hosted by SUSE Enterprise 12.
Please note that there are three options to archive Log Data and Schedule backups:
  1. On the local Authentication Manager server,
  2. In a Windows shared folder, and
  3. In an NFS (Network File Share) shared folder.
Customers using the Windows Shared Folder option and who do not want to continue with SMBv1 can utilize the NFS Shared Folder option. This most likely is not the preferred solution but a valid option in the short term.
Customers with concerns regarding vulnerabilities that could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server can visit Microsoft Security Bulletin MS17-010 - Critical (Security Update for Microsoft Windows SMB Server (4013389) for further information on a Windows patch from Microsoft.

Attachments

    Outcomes