'Synchronize Jurisdiction' operation fails on Registration Manager with errors XrcNOTFOUND and XrcXUDAUNABLE if one of the jurisdictions previously approved for RRM was deleted on RCM
Originally Published: 2013-03-27
Article Number
Applies To
RSA Certificate Manager 6.8
RSA Registration Manager 6.9
RSA Certificate Manager 6.9
Issue
'Synchronize Jurisdiction' operation (through System Operations workbench) on RSA Registration Manager fails with the following error:
domain-config-sync.xuda: Line 19820: [XrcNOTFOUND] unable to locate
requested member or object. LDAP_Query: [XrcXUDAUNABLE] unable to contact
directory server. LDAP_Replace failed! objectClass (xuda_domain_config),
dn (id=xuda_domain_config.id, CN=domains, CN=config) domain-config-
sync.xuda: Line 20101: [XrcXUDAUNABLE] unable to contact directory server.
domain-config-sync.xuda: Line 20203: [XrcNOTFOUND] unable to locate
requested member or object.
Cause
Resolution
1. Make a full backup of RRM before proceeding. (To do so, stop RRM services, make a backup of the full RRM install folder, then restart RRM services.)
2. Use a browser with RRM admin cert to go to the following URL, the page should show a list of objectclasses in reverse alphabetical order:
https://<RRM-hostname>:<RRM-admin-port>/ra/admin/listuclass.xuda
(Note: The tool listuclass.xuda should be used with extra care and exactly as instructed by RSA Customer Support. Any changes made to RCM/RRM db contents using listuclass may not be reversable; and restoring RCM/RRM db from a backup might be the only option to recover.)
3. From the list of objectclasses, click on "list" button against 'xuda_domain_config'. The next page will show a list of jurisdiction objects stored in RRM db.
4. Identify the jurisdiction that was removed on RCM side but still shows up on RRM as disabled and cannot be removed through RRM admin interface. To do so, click on "edit" button against each object and view the object details on next page to confirm if it's the jurisdiction we want (for example, look at the NAME attribute value for jurisdiction name). You can click the browser's back button to go back to the list of jurisdiction objects and click on "edit" button for the next jurisdiction object.
5. Once you have found the jurisdiction object (that was removed on RCM but still shows under disabled jurisdictions on RRM), and are on the page viewing details of the jurisdiction, scroll to the end of the page. Click on "DELETE Object" button to delete this jurisdiction object from the RRM db. Now close the browser window where you browsed to listuclass.xuda.
6. Go to RRM admin interface => System Configuration workbench => select 'Synchronize Jurisdictions => click on 'Synchronize' button. The jurisdictions should successfully synchronize.
Workaround
Notes
Related Articles
Manually (Bulk) Synchronize an Identity Source for Cloud Access Service Number of Views Set User Expectations for Device Registration and Authentication Number of Views Upgrade Internal Authentication Manager Certificates to SHA-256 Number of Views Add, Delete, and Test the Connection for an Identity Source in Cloud Access Service Number of Views RSA Authentication Manager 8.9 Administrator's Guide Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
