RSA Product Set: SecurID
RSA Product/ Service Type: Authentication Manager Web Tier
RSA Version/Condition: 8.x
Functions that utilize an RSA SecurID Web Tier server, such as importing a software token via CT-KIP, are not working, and the Web Tier has a status of either "Offline" or "Offline, reinstall required" in the RSA SecurID Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing.)
The imsTrace.log on the Web Tier server shows the following message(s):
[pool-2-thread-1], (BootstrapperWorker.java:172), trace.com.rsa.tool.webtierbootstrapper.BootstrapperWorker, ERROR, <Web-Tier hostname>,,,,Errors occur when checking Webtier Update Artifacts on Preferred Server.Insufficient privilege to do WebTier Configuration
[pool-2-thread-1], (EJBRemoteTargetBase.java:187), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, <Web-Tier hostname>,,,,Exception during command execution.
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configuration
[pool-2-thread-1], (UpdateServerListWorker.java:97), trace.com.rsa.tool.webtierbootstrapper.UpdateServerListWorker, ERROR, <Web-Tier hostname>,,,,Error occur when updating server list
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configurationand/or,
Webtier host not found. Exiting checking server list update.This issue can occur when there is a mismatch between the hostname of the Web Tier server and the hostname of the record for it in the Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).
Depending on which message(s) noted in the Issue section above are included in the Web Tier server's imsTrace.log, do the following:
- If the "Insufficient privilege to do WebTier Configuration" error messages are found in the Web Tier's imsTrace.log file, then:
-
- Correct the hostname mismatch between the Web Tier server and the record for it in Authentication Manager by either updating the hostname on the local Web Tier server or the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).
- Generate a new Web-Tier Deployment Package.
- Uninstall and re-install the Web Tier.
- If only the "Webtier host not found" message is found (and not the "Insufficient privilege to do WebTier Configuration" messages), then do either of the following:
-
- Change the hostname on the local Web Tier server to match the hostname of the record for it in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing), then:
-
-
- Restart the Web Tier server.
-
or,
-
- Change the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing) to match the hostname of the local Web Tier server, and then:
-
-
- Generate a new Web-Tier Deployment Package.
- Uninstall and re-install the Web Tier.
-
Related Articles
StealthAUDIT hosts have a status of Offline in RSA Identity Governance and Lifecycle Number of Views AFX Server remains in a 'Not running' State, afx status shows 'timed out waiting for AFX applications to start' and esb.AF… Number of Views AFX Server stuck in 'Not running' State, with error 'timed out waiting for AFX applications to start' Number of Views RSA Authentication Manager 8.8 upgrade fails with ERROR: auth_manager.rest_service.old_access_key is not found Number of Views When signing a SHA256 CA off a SHA1 Root CA it does not have a SHA256 signature algorithm in RCM Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
