Unable to attach a replica instance to primary due to duplicate key value in RSA Authentication Manager 8.7 SP1 or later
2 years ago
Originally Published: 2024-03-09
Article Number
000072055
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.7 SP1 or later
Operating System: SUSE Linux
OS Version: SUSE Linux Enterprise Server 15 SP3
 
Issue
RSA Authentication Manager replica instance fails to attach to primary instance with an error at "Configuring replica instance".
Attaching a replica to primary fails.jpg
Note that the replica is freshly deployed and performed a Quick Setup with valid network details. 
Cause
There are a number of duplicate agent entries in the system to prevent attaching the replica instance to primary.
Download and examine the appliance_setuplogs.zip to see any exceptions and found the below in config.sh_Appliance_configureReplica_yyyymmddhhmmss.log file:  
473078 2024-03-07 03:32:20,611 INFO: Executing pg_restore.  Log output will be found here: /opt/rsa/am/install_logs/dbscripts/pg_restore-yyyymmddhhmmss.log
473082 2024-03-07 03:32:20,615 INFO: Executing /opt/rsa/am/pgsql/bin/pg_restore
Exception in thread "main" : exec returned: 1
	at org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:646)
	at org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:672)
	at org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:498)
	at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291)
	at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
	at Utils.exec(Utils.groovy:325)
	at Utils$exec$6.call(Unknown Source)
	at SetupReplica.loadPrimaryDatabase(SetupReplica.groovy:298)
	at SetupReplica.configureReplicaDatabaseAndPrepareForReplication(SetupReplica.groovy:476)
	at SetupReplica.configureReplica(SetupReplica.groovy:67)
	at SetupReplica$configureReplica$0.call(Unknown Source)
	at Appliance.configureReplica(Appliance.groovy:45)
	at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68)
	at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
	at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
	at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
	at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
	at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
	at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
Configuration step Appliance:configureReplica [FAILED]

The database log in install_logs/dbscripts/pg_restore-yyyymmddhhmmss.log captured the error below: 
pg_restore: while PROCESSING TOC:
pg_restore: from TOC entry 8022; 0 18157 TABLE DATA am_host rsa_dba
pg_restore: error: COPY failed for table "am_host": ERROR:  duplicate key value violates unique constraint "uk_am_host_name"
DETAIL:  Key (name)=(ocio-17058t3.example.com) already exists.
CONTEXT:  COPY am_host, line 79274
pg_restore: warning: errors ignored on restore: 1
Resolution
The index issue is addressed in Hotfix 1. Apply RSA Authentication Manager 8.7 SP1 P1 Hotfix 1 available in RSA Portal. Review Hotfix 1 Readme file for further details.

After upgrading to hotfix 1, you need to verify if the reindexing is successful.
To verify, do the following:
1. Download the hotfix upgrade log “update-8.7.1.1.1-xxx.log” from /opt/rsa/am/server/logs.
2. Search for Executing SQL script /opt/rsa/am/utils/tools/dbrestore/reindex_database_db.sql.
3. Confirm whether the reindex script is executed successfully. 

For example, 
INFO: Executing SQL script /opt/rsa/am/utils/tools/dbrestore/reindex_database_db.sql
[copy] Copying 1 file to /tmp/rsa-install-2023-11-24-09-37-51
[copy] Copying /opt/rsa/am/utils/tools/dbrestore/reindex_database_db.sql to /tmp/rsa-install-2023-11-24-09-37-51/reindex_
database_db.sql
[exec] REINDEX
[delete] Deleting: /tmp/rsa-install-2023-11-24-09-37-51/reindex_database_db.sql
A successful execution of the script indicates that the PostgresSQL server has been reindexed successfully and no further action is required.
If the script fails to execute with an <error> , contact RSA Customer Support.
Workaround
For some reason, applying Hotfix 1 is not an option, then delete the agent records manually
1. Add a report with "List all Authentication Agent Records" template and run the report.
2. Download and examine the report with your preferred spreadsheet to see if there are any duplicate agent records.
3. In Microsoft Excel, highlight the column A and click Conditional Formatting > Highlight Cells Rules > Duplicate Values 
4. If required, use filter by color to locate the fields.
5. Search the agent records in Security Console > Access > Authentication Agents > Manage Existing and delete them manually

Related Articles

Trending Articles

Don't see what you're looking for?