This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
MattEvangelisti
Beginner
Beginner
‎2017-05-17 06:28 PM

AM Update to 8.2 from 8.1 SP1 Patch 10 Failed

Jump to solution

Can you apply 8.2 on top of 8.1 SP1 Patch 10?

 

My update just failed.

 

Log attached.

 

Please help, thanks!

Labels (1)
rsa-update-log.txt.zip
0 Likes
Reply
1 Solution

Accepted Solutions
MattEvangelisti
Beginner
Beginner
‎2017-05-18 05:23 PM

Jump to solution

Thank you Edward and Erica.

 

It looks like a previous administrator created the directory "old" as ROOT to backup diagnostic files in. Problem is, updates are run as rsaadmin, so of course it did not have permissions to delete the file (not sure why it needs to, either).

 

It's unfortunate that this would make the entire update fail, or that it was allowed to get to a point where it couldn't roll back. Luckily I had crated a snapshot before starting.

 

I think it might be a good idea to implement a file and folder permissions check on the FS into that "Preparing for update..." stage.

 

Solution was:

  1. Shutdown
  2. Rollback to snapshot
  3. Power on
  4. Sync Replica
  5. Check Replica status is Normal
  6. Shutdown
  7. Delete snapshot
  8. Create fresh snapshot
  9. Power on
  10. Manually delete "old directory"
  11. Apply update

View solution in original post

0 Likes
Reply
5 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2017-05-17 10:28 PM

Jump to solution

Matthew Evangelisti‌,

 

According to the RSA Authentication Manager 8.2 Setup and Configuration Guide ou can apply the RSA Authentication Manager 8.2 upgrade patch to any hardware appliance or virtual appliance that has RSA Authentication Manager 8.1 Service Pack 1 (SP1) software.

 

I would recommend that you https://community.rsa.com/docs/DOC-1294 and open a case so that a support engineer can assist you.

 

Regards,

Erica

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2017-05-18 08:47 AM

Jump to solution

Yes you should be able to.

 

The error is specifically this:

 

Exception in thread "Main Thread" : Unable to delete file /opt/rsa/am/server/servers/AdminServer/data/store/diagnostics/old/WLS_DIAGNOSTICS000000.DAT

 

Not sure what to say about it, but this is what the patch is complaining about.

 

Try this: if it rolled back and the system is up and running again on 8.1 sp1 p10

 

See if you can install/upgrade 8.1 sp1 patch 15 (and if so, install 8.2 on top of that)

0 Likes
Reply
MattEvangelisti
Beginner
Beginner
‎2017-05-18 05:23 PM

Jump to solution

Thank you Edward and Erica.

 

It looks like a previous administrator created the directory "old" as ROOT to backup diagnostic files in. Problem is, updates are run as rsaadmin, so of course it did not have permissions to delete the file (not sure why it needs to, either).

 

It's unfortunate that this would make the entire update fail, or that it was allowed to get to a point where it couldn't roll back. Luckily I had crated a snapshot before starting.

 

I think it might be a good idea to implement a file and folder permissions check on the FS into that "Preparing for update..." stage.

 

Solution was:

  1. Shutdown
  2. Rollback to snapshot
  3. Power on
  4. Sync Replica
  5. Check Replica status is Normal
  6. Shutdown
  7. Delete snapshot
  8. Create fresh snapshot
  9. Power on
  10. Manually delete "old directory"
  11. Apply update
0 Likes
Reply
SGTech
Respected Contributor
Respected Contributor
In response to MattEvangelisti
‎2017-05-23 04:55 AM

Jump to solution

Hi Matt, we should not touch any thing in the OS or any changes or permissions or any thing in the RSA appliance as the OS is specially designed for 2FA solution. please don't create any folder.

 

 

thanks

Reply
MattEvangelisti
Beginner
Beginner
In response to SGTech
‎2017-05-23 02:12 PM

Jump to solution

Agreed, but since it is possible to do, people will do it anyway.

 

In my case (and I'm sure many other's), it hard to know who has touched the system since multiple people manage these VMs across a team. I had no way of knowing the FS was modified 2 years ago by someone who no longer works at the company.

 

For both of those reasons, doesn't it make sense to add a simple permissions check on the filesystem to the upgrade script, before the upgrade executes? (Perhaps during the "Preparing for upgrade..." step)

 

Especially since permission integrity is so sensitive (literally a folder was added) and will determine the success of the upgrade which has no option to rollback.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.