'Synchronize Jurisdiction' operation fails on Registration Manager with errors XrcNOTFOUND and XrcXUDAUNABLE if one of the jurisdictions previously approved for RRM was deleted on RCM
Originally Published: 2013-03-27
Article Number
Applies To
RSA Certificate Manager 6.8
RSA Registration Manager 6.9
RSA Certificate Manager 6.9
Issue
'Synchronize Jurisdiction' operation (through System Operations workbench) on RSA Registration Manager fails with the following error:
domain-config-sync.xuda: Line 19820: [XrcNOTFOUND] unable to locate
requested member or object. LDAP_Query: [XrcXUDAUNABLE] unable to contact
directory server. LDAP_Replace failed! objectClass (xuda_domain_config),
dn (id=xuda_domain_config.id, CN=domains, CN=config) domain-config-
sync.xuda: Line 20101: [XrcXUDAUNABLE] unable to contact directory server.
domain-config-sync.xuda: Line 20203: [XrcNOTFOUND] unable to locate
requested member or object.
Cause
Resolution
1. Make a full backup of RRM before proceeding. (To do so, stop RRM services, make a backup of the full RRM install folder, then restart RRM services.)
2. Use a browser with RRM admin cert to go to the following URL, the page should show a list of objectclasses in reverse alphabetical order:
https://<RRM-hostname>:<RRM-admin-port>/ra/admin/listuclass.xuda
(Note: The tool listuclass.xuda should be used with extra care and exactly as instructed by RSA Customer Support. Any changes made to RCM/RRM db contents using listuclass may not be reversable; and restoring RCM/RRM db from a backup might be the only option to recover.)
3. From the list of objectclasses, click on "list" button against 'xuda_domain_config'. The next page will show a list of jurisdiction objects stored in RRM db.
4. Identify the jurisdiction that was removed on RCM side but still shows up on RRM as disabled and cannot be removed through RRM admin interface. To do so, click on "edit" button against each object and view the object details on next page to confirm if it's the jurisdiction we want (for example, look at the NAME attribute value for jurisdiction name). You can click the browser's back button to go back to the list of jurisdiction objects and click on "edit" button for the next jurisdiction object.
5. Once you have found the jurisdiction object (that was removed on RCM but still shows under disabled jurisdictions on RRM), and are on the page viewing details of the jurisdiction, scroll to the end of the page. Click on "DELETE Object" button to delete this jurisdiction object from the RRM db. Now close the browser window where you browsed to listuclass.xuda.
6. Go to RRM admin interface => System Configuration workbench => select 'Synchronize Jurisdictions => click on 'Synchronize' button. The jurisdictions should successfully synchronize.
Workaround
Notes
Related Articles
Manage User Groups Number of Views Previously entered form values in RSA Via Lifecycle and Governance are not refreshed when navigating back in the form Number of Views Unable to reassign a local entitlement to a user if it has been previously revoked in RSA Identity Governance & Lifecycle Number of Views Previously configured email alerts are no longer triggering in RSA Web Threat Detection Number of Views Objects previously collected by Account Collectors and Entitlement Collectors in 6.x are rejected in 7.x of RSA Identity G… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
