Remote collection agents fail after installing JRE/JDK 1.7.0_191+ or 1.8.0_181+ in RSA Identity Governance & Lifecycle
Originally Published: 2019-04-29
Article Number
Applies To
RSA Version/Condition: 7.1.0, 7.1.1
Issue
The aveksaAgent.log file (/home/{remoteagentuser}/AveksaAgent/logs/aveksaAgent.log) contains the following errors:
com.aveksa.common.ConfigException: java.lang.NullPointerException at com.aveksa.client.datacollector.framework.DataCollectorManager.initCollector(DataCollectorManager.java:627) at com.aveksa.client.datacollector.framework.DataCollectorManager.performQuery(DataCollectorManager.java:562) at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:480) at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:120) at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60) at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67) at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377) at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364) at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58) at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.getReaderClassName(AccountDataCollector.java:226) at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.configureReader(AccountDataCollector.java:183) at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.init(AccountDataCollector.java:159) at com.aveksa.client.datacollector.framework.DataCollectorManager.initCollector(DataCollectorManager.java:621) ... 10 more
Other errors that have been seen in the aveksaAgent.log file (/home/{remoteagentuser}/AveksaAgent/logs/aveksaAgent.log) associated with this issue are:
java.lang.NoClassDefFoundError: com/aveksa/collector/accountdata/LdapAccountDataReaderConfig
and/or
java.lang.NoClassDefFoundError: com/aveksa/collector/db/util/DBPerformQueryCallbacks
Cause
This change can also affect collections where certificate validation of the end point certificates is done. Please see RSA Knowledge Base Article 000036712 - LDAP Collector reports "No subject alternative names matching IP address n.n.n.n found" in RSA Identity Governance & Lifecycle for more information.
Resolution
- RSA Identity Governance & Lifecycle 7.1.0 P07
- RSA Identity Governance & Lifecycle 7.1.1 P01
- RSA Identity Governance & Lifecycle 7.2.0 *
After installing one of the above patches, the next step is to generate and download new RSA Identity Governance & Lifecycle server and client internal certificates. Because of the patch, these newly generated certificates will be of the correct format expected by the latest JRE and JDK versions.
* Note that new installations of RSA Identity Governance & Lifecycle 7.2.0 are not susceptible to this issue. Customers upgrading to 7.2.0 from a previous version are affected and will have to follow the steps in the following section.
Steps:
- Download and apply patch 7.1.0 P07 or 7.1.1 P01 or 7.2.0 depending on your product version.
- Regenerate the server and client certificates as per RSA Knowledge Base Article 000038314 -- How to update the root (server) and client certificates in RSA Identity Governance & Lifecycle.
Notes: The server certificate resides on the RSA Identity Governance & Lifecycle server. The client certificate resides on the remote agent server. The client certificate needs to be copied to each remote agent system.
IMPORTANT: If you use AFX, the AFX Server client keystore will also need to be updated as explained in the above-referenced RSA Knowledge Base Article.
Workaround
Related Articles
RSA Access Manager with MSSQL Data Adapter is not compatible with Java Development Kit (JDK) 1.6.0_29 Number of Views Are there any setbacks for having active members in disabled roles in IMG/Aveksa? Number of Views RSA Community Quickstart Guide Number of Views RSA Identity Management and Governance 6.9.1 installation fails while installing JDK with error "tar: /tmp/aveksa/packages… Number of Views “An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
