2020-06-08T22:31:45,850+0200,com.rsa.ucm.am8,27,INFO ,[RESULT_STATUS]: 
userAuthn completes in 89008ms. Result: (false) Message: 
org.springframework.remoting.RemoteAccessException : 
Could not access HTTP invoker remote service at [/ims-ws/httpinvoker/CommandServer]; 
nested exception is org.apache.commons.httpclient.HttpException: 
Did not receive successful HTTP response: 
status code = 401, status message = [Unauthorized]

Retrieve the Command API Client User ID and Password from the RSA Authentication Manager primary instance and correct the values in the AMIS configuration files. 
 

1. Enable Secure Shell on the Appliance.
2. Log On to the Appliance Operating System with SSH
3. Launch an SSH client, such as PuTTY.
4. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.

During Quick Setup, another username may have been selected. Use that username to log in.

5. Go to /opt/rsa/am/utils:

login as: rsaadmin
Using keyboard-interactive authentication. 
Password: <enter operating system user password> 
Last login: Tue Apr 7 13:47:05 2020 from 192.168.11.19
RSA Authentication Manager Installation Directory: /opt/rsa/am 
rsaadmin@testam84p:~> cd /opt/rsa/am/utils

6. ​​​​​​​Run the following command to retrieve the Command API Client User ID and Password (these values are different in each deployment):

rsaadmin@testam84p:/opt/rsa/am/utils> ./rsautil manage-secrets --action list
Please enter OC Administrator username: <enter the name of an Operations Console administrator>
Please enter OC Administrator password: <enter the password for the Operations Console administrator>
Secrets stored in ./etc/systemfields.properties.
Command API Client User ID ............................: CmdClient_06q3iicq
Command API Client User Password ......................: V5KNLLjnJD81NyRfzi7L71xKV0towQ
SSL Server Identity Certificate Private Key Password ..: bOyxnV032yVRMQWnFftb4fNG7xq9VP
SSL Server Identity Certificate Keystore File Password : UVPAsZhN4eWyh1pb3RSAY3MgIUtZNL
Root Certificate Private Key Password .................: djLvIilLRqDNZfwgkVc9ZgTLBQrAX6
Root Certificate Keystore File Password ...............: Ttw14wO6zVzCatRLrYHDS9nkPKfYnl

The "listkeys" action displays the key names to use when setting the values.

7. Log in to the RSA Authentication Manager Prime server CLI.
8. Open the <Primekit_installation_directory>/configs/amis/tomcat-amis/setenv.sh.
9. Populate the retrieved values as shown in the bolded sections.

...
export CATALINA_OPTS="$CATALINA_OPTS '-Dam.server=192.168.65.123'"
export CATALINA_OPTS="$CATALINA_OPTS '-Dsmtp.server=mailhub.mailserver.com'"
export CATALINA_OPTS="$CATALINA_OPTS '-Dlog.level=DEBUG'"
export CATALINA_OPTS="$CATALINA_OPTS '-Dam.webtier.server=webtier.lab.com'"
export CATALINA_OPTS="$CATALINA_OPTS '-Dam.command.client.user.id=CmdClient_06q3iicq'"
export CATALINA_OPTS="$CATALINA_OPTS '-Dam.command.client.password=V5KNLLjnJD81NyRfzi7L71xKV0towQ'"
...

10. Restart the AMIS service:

service tomcat-amis restart

• The RSA Authentication Manager Prime Kit installation directory will differ from one environment to the other. The administrator should be aware of the installation directory. The subdirectories and file names will not change. 
• Restarting the service steps will differ from one environment to the other. The administrator should know how to restart a certain service in their environment.