000035368 - 'There was a problem processing your request' error when attempting to delete expired tokens in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Sep 4, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035368
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
 
Issue"There was a problem processing your request. 
Unexpected error during command com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand execution
." error when trying to delete expired tokens from Security Console.
System Activity Monitor (Reporting > Real Time Activity Monitor > System Activity Monitor or Reporting > Reports > Add New > System Activity) shows the following error:

com.rsa.common.UnexpectedDataStoreException: org.springframework.dao.DataIntegrityViolationException: 
could not delete: [com.rsa.authmgr.internal.admin.tokenmgt.dal.Token#937abd321500f70a147e58a59bd04dc4];
SQL [delete from AM_TOKEN where ID=? and ROW_VERSION=?]; constraint [fk_am_replacing_tkn_id];
nested exception is org.hibernate.exception.ConstraintViolationException:
could not delete: [com.rsa.authmgr.internal.admin.tokenmgt.dal.Token#937abd321500f70a147e58a59bd04dc4],
at com.rsa.authmgr.internal.admin.common.dal.sql.DataObjectAccessSql.delete(DataObjectAccessSql.java:342),
at com.rsa.authmgr.internal.admin.tokenmgt.dal.sql.TokenAccessSQL.delete(TokenAccessSQL.java:124),
at com.rsa.authmgr.internal.admin.tokenmgt.impl.TokenAdministrationImpl.delete(TokenAdministrationImpl.java:583),
at com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand$Executive.execute(DeleteTokensCommand.java:36),
at com.rsa.authmgr.admin.tokenmgt.DeleteTokensCommand.performExecute(DeleteTokensCommand.java:113),
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119),
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1),
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268),
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1),
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:131),
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260),
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933),
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1),
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113),
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439),
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445),
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373),
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89),
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source),
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:34),
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source),
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source),
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:701), 
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:231), 
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:527), 


 
Resolution
  1. SSH to the primary using rsaadmin account.
  2. Navigate to utils:
    cd /opt/rsa/am/utils

  3. Type the following command to get the database password and when prompted, enter the OC Administrator username and password:
    ./rsautil manage-secrets -a get com.rsa.db.dba.password

  4. Navigate to bin:
    cd ../pgsql/bin

  5. Type the following command to access the database and when prompted, enter the password that you get from step 3:
    ./psql -h localhost -p 7050 -d db -U rsa_dba

  6. List the expired token serial number and its replacement using the token id in the log message:
    select serial_number , replace_token_sn  from am_token where id ='937abd321500f70a147e58a59bd04dc4';

  7. Update replacement mode value to 0 in rsa_rep.am_token table for expired token and its replacement:
    db=# update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '000341939762'; 
    UPDATE 1
    db=# update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '000400282186';
    UPDATE 1

  8. Delete expired token from am_token_replacement table:
    db=# delete from am_token_replacement where replacing_token_id='937abd321500f70a147e58a59bd04dc4';
    DELETE 1

  9. Delete the expired token from am_token table:
    db=# delete from am_token where id ='937abd321500f70a147e58a59bd04dc4';
    Delete 1

  10. Exit database mode:
    \q

Attachments

    Outcomes