Unable to login to Self-Service Console after moving web tier to Internet in RSA Authentication Manager 8.4 patch 6
Originally Published: 2019-11-06
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0
Issue
- When the user logs in to Self-Service Console, it displays the following error:
Sorry, your request cannot be processed at this time. It either has been processed or is bad request. Return to home and try again.
- The [wt_home]/server/logs/imsConsoleTrace.log on the web tier shows the following error:
com.rsa.command.AuditedLocalizableSystemException: COMMAND_EXECUTION_UNEXPECTED_ERROR Caused by: com.rsa.common.SystemException:
Access denied. The authentication request was routed through a load balancer/Proxy server that is not recognized by the system.
- The /opt/rsa/am/server/logs/imsTrace.log shows an unknown IP address:
trace.com.rsa.ims.sso.service.SSOServiceImpl, FATAL, <FQDN of Auth Manager server>,,,,Access denied.
The authentication request was routed through a load balancer <IP address> (This IP is not used to define the virtual host in Operations Console).
- The /opt/rsa/am/server/logs/imsTrace.log shows the following error:
2019-10-14 16:35:04,156, [[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'], (SSOServiceImpl.java:285),
trace.com.rsa.ims.sso.service.SSOServiceImpl, FATAL, <FQDN of Auth Manager server>,,,,Access denied. The authentication request was routed
through a load balancer <IP address> that is not recognized by the system.
- The opt/rsa/am/server/logs/AdminServer_access.log on Web Tier has the following lines showing the incorrect IP address:
#Start-Date: 2019-10-14 16:34:56 <IP address> 2019-10-14 16:34:56 0.313 GET / 302 285 <IP address> 2019-10-14 16:34:56 0.187 GET /console-selfservice/ 302 313 <IP address> 2019-10-14 16:34:57 0.844 GET /console-selfservice/SelfService.do 200 13280 <IP address> 2019-10-14 16:34:58 0.031 GET /console-selfservice/images/default/caret_gray.gif 200 56 <IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_help.gif 200 1648 <IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_help_caret.gif 200 49 <IP address> 2019-10-14 16:34:58 0.016 GET /console-selfservice/images/default/spacer.gif 200 43 <IP address> 2019-10-14 16:34:58 0.094 GET /console-selfservice/framework/rsa/css/framework-ext.css 200 20506 <IP address> 2019-10-14 16:34:58 0.0 GET /console-selfservice/images/default/icn_wait.gif 200 771 <IP address> 2019-10-14 16:34:58 0.203 GET /console-selfservice/framework/js/extjs/4.0.2a/resources/css/ext-all-gray.css 500 5931 <IP address> 2019-10-14 16:34:58 0.407 GET /console-selfservice/framework/js/extjs/4.0.2a/ext-all.js 500 5931 <IP address> 2019-10-14 16:34:58 0.141 GET /console-selfservice/images/default/selfservice_logo.gif 200 16268 <IP address> 2019-10-14 16:34:58 0.093 GET /console-selfservice/common/components/smartmenu/c_smartmenus.js 200
Cause
Resolution
- Login to the primary's RSA Authentication Manager Operations Console.
- Go to Deployment Configuration > Virtual Host & Load Balancing.
- Add the appropriate IP address in Load Balancer Details box and press Add when done.
- Press Save to exit.
Workaround
- SSH to v8.0 appliance as rsaadmin.
- Obtain Database Administrator User ID (rsa_dba) password.
NOTE: the OC Administrator username and returned rsa_dba password shown below are example values only. rsaadmin@am8-p:~> cd /opt/rsa/am/utils rsaadmin@am8-p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: ocadmin Please enter OC Administrator password: ******** com.rsa.db.dba.password: FO3hibQ7dCYPQpeXjHsP7xxwhSpJEK
- Connect to the Authentication Manager 8.x database.
rsaadmin@am8-p:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba
- You will be prompted for the com.rsa.db.dba.password obtained previously. SQL queries can then be run from the command line then bypass the loadbalance IP issue:
rsaadmin@am8p:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba: psql.bin (9.1.9) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=#UPDATE RSA_REP.ims_config_value SET value='true' WHERE name='ims.sso.service.bypass_loadbalancer_config_check';
- Finally, restart AM services:
rsaadmin@amp:/opt/rsa/am/server> ./rsaserv restart all
- Check if Webtiers require reinstallation and the issue will be resolved afterwards.
Notes
Related Articles
Error: Unable to perform pre-login process when trying to login to RSA Authentication Manager 8.x Web Tier Self Service Co… Number of Views Unable to access Quick Setup page in RSA Authentication Manager 8.x Number of Views RSA Authenticator 4.3 for iOS and Android Quick Start Guide (Spanish) Number of Views Error Unable to resolve user by login ID and/or alias, or authenticator not assigned to user when attempting to authentica… Number of Views RSA Authenticator 6.2 for Windows Quick Start Guide (Italian) Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
