| Article Number | 000036859 |
| Applies To | RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x |
| Issue | - The console certificate has expired and the Operations Console service fails to start, causing all other services to fail except for the RSA Database Server service.
- An attempt to revert back original RSA internal certificate displays an error.
- Launch an SSH client, such as PuTTy.
- Login to the primary Authentication Manager server as rsaadmin and enter the operating system password.
Note that during Quick Setup another user name may have been selected. Use that user name to login.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Sat Oct 20 04:45:08 2018 from 10.134.1.25
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@ace5:~> cd /opt/rsa/am/utils
rsaadmin@ace5:/opt/rsa/am/utils> ./rsautil reset-server-cert
Please enter OC Administrator username: <enter Operations Console administrator user name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing
at com.rsa.ims.security.lockbox.crypto.h.b(h.java:57)
at com.rsa.ims.security.lockbox.b.loadFields(b.java:119)
at com.rsa.ims.security.lockbox.h.loadFields(h.java:9)
at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:166)
at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:116)
at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:141)
at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
|
| Cause | The /opt/rsa/am/utils/etcsystemfields.properties file has been corrupted.
- Navigate to /opt/rsa/am/utils/etc.
- List the systemfields.properties.
- Note that the file permissions are -rw------- or read only (600).
rsaadmin@ace5:/opt/rsa/am/utils> cd etc
rsaadmin@ace5:/opt/rsa/am/utils/etc> ls -l *systemfields.properties*
-rw------- 1 rsaadmin rsaadmin 0 Apr 23 05:22 systemfields.properties
|
| Resolution | To resolve the issue, replace the systemfields.properties file that is in /opt/rsa/am/utils/etc with another instance of the file. Copy the systemfields.properties file from /opt/rsa/am/utils/original_data_backup/ to /opt/rsa/am/utils/etc.
rsaadmin@ace5:/opt/rsa/am/utils> cd /opt/rsa/am/utils/etc
rsaadmin@ace5:/opt/rsa/am/utils/etc> mv systemfields.properties systemfields.properties.original
rsaadmin@ace5:/opt/rsa/am/utils/etc> cp /opt/rsa/am/utils/original_data_backup/systemfields.properties ./
|
| Notes | The systemfields.properties file can also be copied from the /opt/rsa/am/utils/etc directory on the replica.
File copy needs to be done because just changing file permissions does not resolve the error.
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Fri Oct 26 07:28:44 2018 from 192.168.2.102
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/utils/etc
rsaadmin@am81p:/opt/rsa/am/utils/etc> ls -l
total 80
-rw-r--r-- 1 rsaadmin rsaadmin 1891 Dec 6 2013 1666addb1e02a8c008016d234bd2b1d7.MetaData.properties
-rw-r--r-- 1 rsaadmin rsaadmin 1569 Dec 6 2013 1666addb1e02a8c008016d234bd2b1d7.Values.properties
-rw-r--r-- 1 rsaadmin rsaadmin 4229 Nov 6 2013 applianceBackupFiles.properties
-rw------- 1 rsaadmin rsaadmin 163 Feb 8 2016 appserver_version.properties
-rw-r--r-- 1 rsaadmin rsaadmin 163 Feb 8 2016 appserver_version.properties.bak
-rw-r--r-- 1 rsaadmin rsaadmin 524 Nov 6 2013 authnidp_rsa_component_list.xml
-rw-r--r-- 1 rsaadmin rsaadmin 0 Oct 20 05:50 bat
-rw-r--r-- 1 rsaadmin rsaadmin 0 Oct 20 05:52 fil
-rw-r--r-- 1 rsaadmin rsaadmin 210 Dec 6 2013 Global.MetaData.properties
-rw-r--r-- 1 rsaadmin rsaadmin 197 Dec 6 2013 Global.Values.properties
-rw------- 1 rsaadmin rsaadmin 211 Oct 20 03:03 ims_log_fullscan_needed.properties
-rw-r--r-- 1 rsaadmin rsaadmin 154 Nov 6 2013 jaas.config
-rw-r--r-- 1 rsaadmin rsaadmin 1471 Dec 6 2013 jndi.properties
-rw-r--r-- 1 rsaadmin rsaadmin 3785 Oct 24 2016 patchHistory.dat
-rw-r--r-- 1 rsaadmin rsaadmin 280 Dec 6 2013 redirector.properties
-rw-r--r-- 1 rsaadmin rsaadmin 955 Nov 6 2013 replica-data.properties
-rw-r--r-- 1 rsaadmin rsaadmin 1424 Nov 6 2013 rsa_api.properties
-rw-r--r-- 1 rsaadmin rsaadmin 3817 Dec 6 2013 rsa_component_list.xml
drwxr-xr-x 2 rsaadmin rsaadmin 4096 Oct 5 06:14 rsaserv
-rw-r--r-- 1 rsaadmin rsaadmin 3425 Nov 6 2013 softwareBackupFiles.properties
-rw-r--r-- 1 rsaadmin rsaadmin 906 Nov 6 2013 support.properties
-rw-r--r-- 1 rsaadmin rsaadmin 0 Oct 26 07:30 systemfields.properties
rsaadmin@am81p:/opt/rsa/am/utils/etc> cd ..
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil reset-server-cert
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing
at com.rsa.ims.security.lockbox.crypto.h.b(h.java:57)
at com.rsa.ims.security.lockbox.b.loadFields(b.java:119)
at com.rsa.ims.security.lockbox.h.loadFields(h.java:9)
at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:166)
at com.rsa.ims.security.keymanager.sys.ServerAccessInfo.<init>(ServerAccessInfo.java:116)
at com.rsa.authmgr.install.tools.CertManager.execute(CertManager.java:141)
at com.rsa.authmgr.install.tools.CertManager.main(CertManager.java:260)
rsaadmin@am81p:/opt/rsa/am/utils>
|
on Nov 14, 2018