Access denied error when running sync-tokens command in Authentication Manager 8.x
Originally Published: 2014-11-09
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Symptoms
- When trying to run the sync-tokens command with a super admin account, an access denied message is displayed.
- The super admin credentials, as well as other parameters, are entered in one line via command line. For example,
./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o /var/tmp/tokens.log -a -l
- The super admin user can run ./rsautil manage-oc-administrators with the same super admin account.
- The /opt/rsa/am/utils/logs/imsCluTrace.log shows following error:
@@@2014-11-07 10:19:32,929, [Main Thread], (EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR,SecurID.xxxxxx.com,,,,Exception during command execution.
com.rsa.authn.AuthenticationCommandException: Access Denied
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy0.executeCommand(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611)
at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
at com.rsa.command.ConnectionFactory.connect(ConnectionFactory.java:456)
at com.rsa.authmgr.admin.tools.SyncTokens.login(SyncTokens.java:66)
at com.rsa.authmgr.admin.tools.SyncTokens.main(SyncTokens.java:181)
Caused by: com.rsa.authn.AuthenticationCommandException: Access Denied
at com.rsa.authn.LoginCommand$Executive.execute(LoginCommand.java:775)
at com.rsa.authn.LoginCommand.performExecute(LoginCommand.java:679)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119)
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373)
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:696)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Cause
Resolution
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil sync-tokens -I Authenticator Bulk Synchronization Utility 8.2.1.8.0 (1398219) Copyright (C) 1994 - 2016 EMC Corporation. All Rights Reserved. Enter the absolute path for the output report file : /tmp/tokensync.txt Enter the base security domain name for recursive search [(none)]: none Enter the type of token selection [ (all) | file ]: all Choose a token filter [ assigned | unassigned | (both) ]: both What action do you wish to perform? [ (list) | modify ]: list Enter administrator user ID : administrator Enter administrative password : *********
Related Articles
Error message "Access denied - User not a member of any identity source in access policy" in RSA SecurID Access Number of Views "Access Denied" error when attempting to view detailed information on the RSA Via Lifecycle and Governance Users page Number of Views Access denied error while running the RSA Authentication Manager 8.x Administration SDK Number of Views Error 2004: Unable to communicate with server Access Denied when running RSA Authentication Manager Bulk Admin (AMBA) script Number of Views Error: 'Access denied. Auth lock error' using radius test client Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
