SergioMartinez (Customer) asked a question.
Upgrading from 8.7 SP2 to 8.8 Error: "Failed to prepare the Update" Fix
The following worked for me when you try to upgrade from 8.7 SP2 to 8.8..
If you find the following entry under "Advance Status View log" after your update fails
=== Prerequisites: Couldn't upgrade because of failed validation of the MFA API credential. For more details, refer to the log output.===
Follow the Resolution steps on this document:
The MFA API credential validation check fails when the access old IDand access old Keyare set to 'null'
Verbatim issue with our deployment.
I'm fully convinced this is a RSA R&D 8.8 bug that they purely covered up with a article, but at least everything else on the IPU worked without a hitch.
If your password has an exclamation point (!) in the password, it may fail. Try using a password that doesn't include a ! or has it as the last character.
Some customers reported that the solution does not work in their environments when the absolute path is used. The option to first navigate to /opt/rsa/am/utils and then run the command as ./rsautil manage-rest-access-credential -a generate -u <admin> -p <password> works for those customers.
Can anyone at RSA tell us if we should proactively run this prior to upgrading to 8.8??? I get a different answer depending on who you talk to with RSA support.
Following up here. Can the RSA team confirm? @EricaChalfin (RSA)
The fix and workaround described here:
https://community.rsa.com/s/article/RSA-Authentication-Manager-fails-to-upgrade-to-version-8-8-with-ERROR-auth-manager-rest-service-old-access-key-is-not-found
would not work in our case.
Executing of command:
/opt/rsa/am/utils/rsautil manage-rest-access-credential -a list-u <admin> -p <password>
or
/opt/rsa/am/utils/rsautil manage-rest-access-credential -a generate -u <admin> -p <password>
results in: -bash: !SP: event not found
Can you please advise?
I always open case Case Number 02670288 by RSA support for it.
Kind regards
Christopher Köber
Try command up to here:
/opt/rsa/am/utils/rsautil manage-rest-access-credential -a generate
It should prompt you for admin account and password after that.
/opt/rsa/am/utils/rsautil manage-rest-access-credential -a list
Hi Sergio,
thanks for your reply.
without credential parameters I got a Access Denied even I used the Operating System User.
And same with Operations Console Admin (ocadmin) 😯
Am I missing something?
I got my problem now fixed by restore-admin account. See also How-to-recover-when-RSA-Authentication-Manager-8-x-system-passwords-are-not-known-or-are-lost
I entered:
/opt/rsa/am/utils/rsautil restore-admin -V -u rsaadmin -p <password>
Please enter OC Administrator username: ocadmin
Please enter OC Administrator password: ************************
A temporary admin will be created with user ID 'rsaadmin'.
Are you sure you want to continue? (Y/N): y
Admin created successfully.
*****************************************************************************
Note
1) The 'rsaadmin's console access will expire on Fri Jun 20 10:45:38 CEST 2025.
2) Console authentication policy is changed to RSA_Password/LDAP_Password. In order to make the policy change effective please flush the cache through operations console.
*****************************************************************************
After that I was able to successfully generated the RSA SecurID REST Access credential. 👍
/opt/rsa/am/utils/rsautil manage-rest-access-credential -a generate
Admin username: rsaadmin
Admin password: ********************************
Successfully generated the RSA SecurID REST Access credential. 👍
The only concern I have is about the Note:
1) The 'rsaadmin's console access will expire on Fri Jun 20 10:45:38 CEST 2025.
Will my rsaadmin now expire after that day and I'm not able to login anymore?
Thanks
Hi,
Yes this has set my Operating system user "rsaadmin" to Temporary Admin with an Expire date of 24h.
You can set it back to "Does not expire" in Security Console > Users > under internal database check whether rsaadmin appears as a temporary administrator user:
Now I was able to successful install AM8.8 and AM8.8 P01 👍