000035778 - RSA Authentication Manager 8.2 Service Pack 1 Patch 6 introduces manual synchronization

Document created by RSA Customer Support Employee on Jan 9, 2018Last modified by RSA Customer Support Employee on Jan 9, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035778
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 P6 or later
IssueThe replication status reports Out of Sync and the action to synchronization the primary instance database fails as the primary database dump is too big to be pushed to the replica instance in a timely fashion, probably due to the primary and replica instances being separated geographically.
ResolutionRSA Authentication Manager 8.2 Service Pack 1 Patch 6 introduces a method of performing a manual transfer of the primary dump and primary dump SHA-256 signature file to the replica instance.
NOTE: This procedure requires secure shell (SSH) to be enabled on the Authentication Manager instances in the deployment.  Refer to the article on how to Enable Secure Shell on the Appliance for more information.
The following instructions allow an administrator to perform the manual transfer of the primary dump and primary dump SHA-256 signature file to single replica instance. Where there is more than one replica instance in the Authentication Manager deployment, repeat the instructions for each replica instance that requires a Sync. Only synchronize one replica instance at a time.

On a replica instance

  1. Logon to the command line of a replica instance with the rsaadmin account.
  2. On the replica instance navigate to /opt/rsa/am/utils folder using the command :

cd /opt/rsa/am/utils

  1. Add a new global parameter to the replica instance using the command : 

./rsautil store -a add_config auth_manager.synchronization.manual_transfer.wait.minutes 15 GLOBAL 501

The command auth_manager.synchronization.manual_transfer.wait.minutes is a timer delay providing fifteen (15) minutes for the administrator to perform the manual transfer. This value can be altered, however fifteen minutes is more than enough time to move a 2GB primary dump with SHA-256 signature file to the replica instance.

  1. On the replica instance navigate to /opt/rsa/am/replication/attachment_data_from_primary:

cd /opt/rsa/am/replication/attachment_data_from_primary

On the primary instance

  1. Logon to command line of the primary instance with the rsaadmin account.
  2. Logon to the primary Operations Console and select Deployment Configuration > Instances > Status Report.  Click the Sync link in the Action column for replica instance where you have the SSH session open.
  3. Wait for the task Starting database dump on primary to start.
  4. At the command line of the primary instance, navigate to /opt/rsa/am/replication/attachment_data_for_replica

cd /opt/rsa/am/replication/attachment_data_for_replica

  1. In the /opt/rsa/am/replication/attachment_data_for_replica folder, the administrator will find a new folder called instance_<number>.
  2. Navigate into this folder:

cd instance_<number>

NOTE: The primary_dump and primary_dump.sha256 will be created in the instance_<number> folder. When the administrator sees the primary_dump.sha256 file then further tasks are required on the replica instance.

Back on the replica instance

  1. The administrator should already be in /opt/rsa/am/replication/attachment_data_from_primary.
  2. Use the secure FTP program on the replica instance to connect to the primary instance

sftp <IP_Address_of_primary>

  1. In the secure FTP program 


  1. List the contents of the folder to get the instance folder name (e. g., instance_58eec9809c02a8c079e893aebc640009).

ls instance_58eec9809c02a8c079e893aebc640009

  1. Now navigate into the instance folder with the command :

cd instance_<number>

  1. Manually transfer the primary dump and primary dump SHA-256 signature file to the replica instance with the following commands :

get primary_dump
get primary_dump.sha256

  1. Check the remote files on the primary instance are the same size as the files copied to the replica instance:

ls -lah & lls -lah

  1. Where the files match in size, the administrator can exit the secure FTP program:



Back on the primary instance

  1. Go back to the web browser showing the Sync tasks in the primary Operations Console and monitor the completion of the Tasks.
  2. After the Task Starting replica services has completed click the Done button and check the replication status of the replica instance. It is expected to be Normal.
NotesWhere the customer is not running an Authentication Manager deployment with RSA Authentication Manager 8.2 Service Pack 1 Patch 6 software then the Authentication Manager instances can be updated with the later software before using this RSA knowledge article.
Refer to 000035766 Software update for RSA Authentication Manager 8.x fails with error: Replication flush failed if there is an issue with the software update.