Issue | "There was a problem processing your request. Unexpected error during command com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand execution." error when trying to delete expired tokens from Security Console. System Activity Monitor (Reporting > Real Time Activity Monitor > System Activity Monitor or Reporting > Reports > Add New > System Activity) shows the following error:
com.rsa.common.UnexpectedDataStoreException: org.springframework.dao.DataIntegrityViolationException: could not delete: [com.rsa.authmgr.internal.admin.tokenmgt.dal.Token#937abd321500f70a147e58a59bd04dc4]; SQL [delete from AM_TOKEN where ID=? and ROW_VERSION=?]; constraint [fk_am_replacing_tkn_id]; nested exception is org.hibernate.exception.ConstraintViolationException: could not delete: [com.rsa.authmgr.internal.admin.tokenmgt.dal.Token#937abd321500f70a147e58a59bd04dc4], at com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql.delete(DataObjectAccessSql.java:342), at com.rsa.authmgr.internal.admin.tokenmgt.dal.sql.TokenAccessSQL.delete(TokenAccessSQL.java:124), at com.rsa.authmgr.internal.admin.tokenmgt.impl.TokenAdministrationImpl.delete(TokenAdministrationImpl.java:583), at com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand$Executive.execute(DeleteTokensCommand.java:36), at com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand.performExecute(DeleteTokensCommand.java:113), at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119), at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1), at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268), at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1), at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:131), at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260), at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933), at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1), at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113), at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439), at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445), at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373), at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source), at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:34), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source), at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source), at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:701), at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:231), at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:527),
|
Resolution | - SSH to the primary using rsaadmin account.
- Navigate to utils:
cd /opt/rsa/am/utils - Type the following command to get the database password and when prompted, enter the OC Administrator username and password:
./rsautil manage-secrets -a get com.rsa.db.dba.password - Navigate to bin:
cd ../pgsql/bin - Type the following command to access the database and when prompted, enter the password that you get from step 3:
./psql -h localhost -p 7050 -d db -U rsa_dba - List the expired token serial number and its replacement using the token id in the log message:
select serial_number , replace_token_sn from am_token where id ='937abd321500f70a147e58a59bd04dc4'; - Update replacement mode value to 0 in rsa_rep.am_token table for expired token and its replacement:
db=# update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '000341939762'; UPDATE 1 db=# update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '000400282186'; UPDATE 1 - Delete expired token from am_token_replacement table:
db=# delete from am_token_replacement where replacing_token_id='937abd321500f70a147e58a59bd04dc4'; DELETE 1 - Delete the expired token from am_token table:
db=# delete from am_token where id ='937abd321500f70a147e58a59bd04dc4'; Delete 1 - Exit database mode:
\q
|