Migration to RSA Authentication Manager 8.1 with the option to retain system settings fails with an error about duplicate or already existing pk_ims_certificates
Originally Published: 2015-01-14
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue
The migration log shows the error: "Database error during inserting migrated certificates to certificate table. The duplicate key value violates unique constraint. PK_IMS_Certificates."
Cause
Workaround
Before proceeding with the steps below, take a backup of the Authentication Manager database through the Operations Console (Maintenance > Backup > Backup Now).
- Logon to the Authentication Manager 8.1 primary via SSH, vSphere client or local console session.
- Navigate to /opt/rsa/am/utils.
- Run the command ./rsautil manage-secrets -a get com.rsa.db.dba.password. This returns the database password that is unique to the deployment. This password will be copied then pasted at the prompt for the database password.
- At the database prompt (db=#),run a select statement to find the SMS certificate entry: SELECT * from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; where the certificate ID is the value seen in the migration log. (Note the semicolon at the end of the command.) The output should be for one row.
- Now run a delete command to delete this entry. The command is: DELETE FROM rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; (Note the semicolon at the end of the command.)
A sample of the steps is below:login as: rsaadmin Using keyboard-interactive authentication. Password: <enter OS password> Last login: Fri Oct 2 15:32:51 2015 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am81p:~> cd /opt/rsa/am/utils rsaadmin@am81p:~> ./rsautil manage-secrets -a get com.rsa.db.dba.password rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter OC admin username> Please enter OC Administrator password: <enter OC admin password> com.rsa.db.dba.password: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 rsaadmin@am81p:/opt/rsa/am/utils> ../pgsql/bin rsaadmin@am81p:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# SELECT * from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe'; db=# DELETE from rsa_rep.ims_certificates WHERE id LIKE '36aa51c92ae110ac028c68c0329966fe';
-
Run the migration again.
Notes
Related Articles
Error "com.rsa.ims.security.keymanager.sys.MissingSystemKeysException: System fingerprint encrypted key is missing" on RS… Number of Views log4j:WARN No appenders could be found for logger (trace.com.rsa.ims.security.crypto.config.CryptoConfiguration). Log4J;Wa… Number of Views Authentication Manager 8.6 patch 3 System Activity Monitor displaying warning "system.com.rsa.ims.license.impl.LicenseServ… Number of Views LookupAMPrincipalCommand failed, Expected: IMSGUID, got class com.rsa.ims.common.DNGUID for RSA Authentication Manager Adm… Number of Views Replica having trouble authenticting users. Unexpected error retrieving ldap config info ims.ldap.connect. Using default v… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
