000035937 - RSA Authentication Manager 8.2 SP1 upgrade fails with the error: "Configuration step RadiusOCConfig.configureActualRADIUSServerUpgrade [FAILED]"

Document created by RSA Customer Support Employee on Jan 22, 2018Last modified by RSA Customer Support Employee on Jan 22, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035937
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
 
IssueUpgrading to SP1 on the RSA Authentication Manager 8.2 fails at the RADIUS configuration step and the rollback fails as well.The server becomes completely unusable.
The Update-8.2.1 log file (available from the Operations Console under Maintenance > Update & Rollback by clicking on the View Details link), shows the following errors:

Configuration step RadiusOCConfig.configureActualRADIUSServerUpgrade [FAILED] and "com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout".
----
----
[exec] 125407 2017-10-08 06:40:38,259 FATAL:      
[exec] The RADIUS server never successfully responded after 2 minutes of trying: com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout      
[exec] java.lang.AssertionError: The RADIUS server never successfully responded after 2 minutes of trying: com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout      
[exec]     at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:282)
[exec]     at com.rsa.plugins.install.CommandLineInstallEngine$fail.call(Unknown Source)    
[exec]     at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:31) 
[exec]     at com.rsa.plugins.install.GroovyInstallEngine$_buildScriptEnvironment_closure5.doCall(GroovyInstallEngine.groovy:159)   
[exec]     at ServiceControl.waitForRadiusToStart(ServiceControl.groovy:375)
[exec]     at ServiceControl.startRadius(ServiceControl.groovy:298)      
[exec]     at ServiceControl.startRadius(ServiceControl.groovy)      
[exec]     at ServiceControl$startRadius.call(Unknown Source)      
[exec]     at RadiusOCConfig.configureActualRADIUSServerUpgrade(RadiusOCConfig.groovy:655)      
[exec]     at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68)    
[exec]     at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)      
[exec]     at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)      
[exec]     at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)      
[exec]     at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)    
[exec]     at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)    
[exec]     at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)    
[exec] Configuration step RadiusOCConfig.configureActualRADIUSServerUpgrade [FAILED]
-----
-----
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40) Configuration step UpdateRollback:update [FAILED]
[ERROR] Error: Failed to invoke update engine: Failed to apply the update. java.lang.Exception: Failed to apply the update.

 

The RADIUS date.log, located in /opt/rsa/am/radius and named in the format of yyyymmdd.log (e. g., 20180119.log) shows the following errors:

 
10/08/2017 06:38:38 Version: v6.23.2 10/08/2017 06:38:38 Process ID of daemon is 27892
10/08/2017 06:38:38 Successfully transferred initial_admin_account.dat to vdb
10/08/2017 06:38:38 No administrative users found in /opt/rsa/am/radius/access.ini 10/08/2017 06:38:38 No administrative groups found in /opt/rsa/am/radius/access.ini 10/08/2017 06:38:38 IPv6 enabled
10/08/2017 06:38:38 Auto-configuring server IPv4 addresses
10/08/2017 06:38:38 Configured server IP address: xx.xx.1xx.yy7
10/08/2017 06:38:38 Auto-configuring server IPv6 addresses
10/08/2017 06:38:38 Initialization Warning - could not determine IPv6 address for this host, DNS returned no usable addresses 10/08/2017 06:38:39 Successfully created and closed saved-dcts.bin
10/08/2017 06:38:39 Evaluation period will expire on 2018-03-07
10/08/2017 06:38:39 Licensed for Enterprise Edition
10/08/2017 06:38:39 Failure encountered in attempt to read IP address for RAS client abc-xxS323.xyz.abs.com from the database
10/08/2017 06:38:39 Failed to initialize CRasClients object for RAS clients 10/08/2017 06:38:39 Unable to initialize RAS client database cache
10/08/2017 06:38:39 Failed to initialize Radius administration infrastructure
10/08/2017 06:38:39 Initialization failure, server shutting down
10/08/2017 06:38:39 Server shut down after failure -----
10/08/2017 06:48:37 Version: v6.23.2
10/08/2017 06:48:37 Process ID of daemon is 6134 10/08/2017 06:48:37 No administrative users found in /opt/rsa/am/radius/access.ini 10/08/2017 06:48:37 No administrative groups found in /opt/rsa/am/radius/access.ini
10/08/2017 06:48:37 Auto-configuring server IPv4 addresses
10/08/2017 06:48:37 Configured server IP address: xx.xx.1xx.yy7
10/08/2017 06:48:37 Successfully restored dictionary information from saved dict file
10/08/2017 06:48:37 Evaluation period will expire on 2018-03-07
10/08/2017 06:48:37 Licensed for Enterprise Edition
10/08/2017 06:48:37 Failure encountered in attempt to read IP address for RAS client abc-xxS323.xyz.abs.com from the database rsaadmin@phx-rsaprm-001:/opt/rsa/am/radius>
CauseThe upgrade fails because the installation script fails to find the IP address of a RADIUS client. The RADIUS client is configured without an IP address in the Authentication Manager database.
Resolution
  1. Gather the RADIUS date.log file by either:
    1. From the Operations Console select Administration > Download Troubleshooting  Files.
       
      1. Under Select Items, choose Authentication Manager log files and define a date range, ensuring it includes the date the upgrade was  attempted.
      2. Create a password and confirm it. 
      3. Click Generate and  Download Zip file.
      4. Using the password, open the .zip file then extract the RADIUS date.log.
       
    2. Open an SSH session or direct connection to the Authentication Manager server, navigate to /opt/rsa/am/radius.
    3. Locate the RADIUS date.log from the date the upgrade was attempted and open with vi or using WInSCP, copy it to your local machine.
  2. Open the RADIUS date.log file.
  3. Look for the error that suggests that the upgrade is failing to get the IP address of the RADIUS client:
Failure encountered in attempt to read IP address for RAS client xxS323.xyz.abs.com from the database.

  1. Restore the Authentication Manager 8.2 server from a snapshot.
  2. Log on to Security Console.
  3. Navigate to RADIUS > RADIUS Clients > Manage Existing.
  4. Search for the RADIUS client that appeared in the RADIUS date.log from step 3.
  5. Click on the context arrow and select Edit.
  6. You will notice that the IP address field is blank. Add the valid IP address for RADIUS client and click Save.
  7. Take a snapshot of the server.
  8. Perform the SP1 upgrade in the Operations Console. This time the upgrade will be successful.
     

Attachments

    Outcomes