RSA Product Set: SecurID
RSA Product/ Service Type: Authentication Manager Web Tier
RSA Version/Condition: 8.x
Functions that utilize an RSA SecurID Web Tier server, such as importing a software token via CT-KIP, are not working, and the Web Tier has a status of either "Offline" or "Offline, reinstall required" in the RSA SecurID Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing.)
The imsTrace.log on the Web Tier server shows the following message(s):
[pool-2-thread-1], (BootstrapperWorker.java:172), trace.com.rsa.tool.webtierbootstrapper.BootstrapperWorker, ERROR, <Web-Tier hostname>,,,,Errors occur when checking Webtier Update Artifacts on Preferred Server.Insufficient privilege to do WebTier Configuration
[pool-2-thread-1], (EJBRemoteTargetBase.java:187), trace.com.rsa.command.EJBRemoteTargetBase, ERROR, <Web-Tier hostname>,,,,Exception during command execution.
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configuration
[pool-2-thread-1], (UpdateServerListWorker.java:97), trace.com.rsa.tool.webtierbootstrapper.UpdateServerListWorker, ERROR, <Web-Tier hostname>,,,,Error occur when updating server list
com.rsa.command.exception.InsufficientPrivilegeException: Insufficient privilege to do WebTier Configurationand/or,
Webtier host not found. Exiting checking server list update.This issue can occur when there is a mismatch between the hostname of the Web Tier server and the hostname of the record for it in the Authentication Manager Operations Console (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).
Depending on which message(s) noted in the Issue section above are included in the Web Tier server's imsTrace.log, do the following:
- If the "Insufficient privilege to do WebTier Configuration" error messages are found in the Web Tier's imsTrace.log file, then:
-
- Correct the hostname mismatch between the Web Tier server and the record for it in Authentication Manager by either updating the hostname on the local Web Tier server or the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing).
- Generate a new Web-Tier Deployment Package.
- Uninstall and re-install the Web Tier.
- If only the "Webtier host not found" message is found (and not the "Insufficient privilege to do WebTier Configuration" messages), then do either of the following:
-
- Change the hostname on the local Web Tier server to match the hostname of the record for it in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing), then:
-
-
- Restart the Web Tier server.
-
or,
-
- Change the hostname of the record for the Web Tier server in Authentication Manager (Operations Console > Deployment Configuration > Web-Tier Deployments > Manage Existing) to match the hostname of the local Web Tier server, and then:
-
-
- Generate a new Web-Tier Deployment Package.
- Uninstall and re-install the Web Tier.
-
Related Articles
RSA SecurID Access Automatic Integrated Windows Authentication (IWA) not working Number of Views Managing the Web-Tier Service Number of Views Online, Reinstall Required message on Web Tier after reinstalling with the new RSA Authentication Manager 8.x Web-Tier pac… Number of Views Web Tier status offline/Reinstall status changes to pending connection for RSA Authentication Manager 8.4 Number of Views AFX Server stuck in 'Not running' State, with error 'timed out waiting for AFX applications to start' Number of Views
