SecurID^® Discussions

YuryMakarov · ‎2016-04-08

Hello!

I have installed & Primary Setup RSA SecurID appliance ver. 3.0.4.10 successfully. When I logged into https://rsaapliance.domain.local:7072/operation-console its gives me message as

Error 404-not Found

From RFC 2068 Hypertext Transfer Protocol - HTTP/1.1

10.4.5.404 not Found

And how can I upgrade appliance to the latest version?

_EricaChalfin · ‎2016-04-08

Yuri,

This is how I found the ops-console.log and AdminServer.log on my lab system:

login as: emcsrv
emcsrv@cs-appliance3-01.na.rsa.net's password: <enter OS user password>
Last login: Fri Apr 8 09:23:18 2016 from 10.96.48.168
-bash-3.00$ sudo su - rsaadmin
Password: <enter OS user password>
-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/imsoc/logs
-bash-3.00$ ls -al ops-console.log
-rwxrwxrwx 1 rsaadmin rsaadmin 1859472 Aug 27 2015 ops-console.log

-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/server/logs

-bash-3.00$ ls -al AdminServer.log

-rw------- 1 rsaadmin rsaadmin 4440040 Apr 8 11:00 AdminServer.log

If you don't see the files that way, what happens if you cd to /usr/local/RSASecurity/RSAAuthenticationManager and run this command?

find . -name <filename> -print

As I mentioned the R210 can be upgraded from 3.0 to 8.1, if you want to stay with the hardware option. If you want to move to virtual servers, you can do that too. Please review the RSA Authentication Manager 8.1 Migration Overview for some general information on the migration. The RSA Authentication Manager 8.1 Migration Resources page has links for all of the Authentication Manager 8.1 documentation, links to request a trial license, to download software, the SP1 service pack and recent patches, as well as some helpful videos that go through the migration step by step.

Regards,

Erica.

View solution in original post

_EricaChalfin · ‎2016-04-08

Yuri,

Take a look at the /usr/local/RSASecurity/RSAAuthenticationManager/imsoc/logs/ops-console.log. Do you see the following error?

Cannot access HTTP invoker remote service at [https://<FQDN_of_the_RSA_SecurID_appliance>:7072/operations-console/dispatcher/HttpInvokerRemoteFileTransfer]; nested exception is java.io.StreamCorruptedException: invalid stream header
Caused by:
java.io.StreamCorruptedException: invalid stream header

Also review the /usr/local/RSASecurity/RSAAuthenticationManager/imsoc/servers/AdminServer/logs/AdminServer.log for the following error:

java.lang.RuntimeException: Unable to initialize embedded database

If you are seeing these messages, the only way to recover is to factory reset your RSA SecurID appliance and import a recent backup. RSA customer support can provide more information.

* * *

As far as upgrading your appliances to Authentication Manager 8.1, you do have options. Depending on the hardware you have, you can upgrade the software you have currently to 8.1. Older hardware cannot be upgraded. You can check your version from an SSH session by typing the following command:

omreport chassis info

The entry for chassis model will give you the information you need. Only PowerEdge R210 and PowerEdge R710 models can be upgraded.

If you cannot upgrade your hardware, you can purchase new hardware from RSA or your vendor that runs Authentication Manager 8.1 or, alternatively, download and install Authentication Manager 8.1 on either VMware or Hyper-V virtual servers. The RSA Authentication Manager 8.1.x Migration Resources page provides information on how to upgrade. Please note that if your maintenance agreement is current, there is no charge to you for the new software or for a license upgrade to the new 8.1 format (unless, of course, you want to increase the number of active users allowed in your deployment).

Your current appliance is running at SP4, so you can follow standard steps to migrate to the newer software.

Given the error you are reporting, it may make more sense to stand up a new Authentication Manager 8.1 server and import a backup of your current system to it, rather than rebuilding a server you are planning to move from anyway.

Regards,

Erica

YuryMakarov · ‎2016-04-08

I can not review any logs because the server does not have directory "imsoc"

I checked the version by typing the following command:

omreport chassis info

Chassis Model PowerEdge R210

_EricaChalfin · ‎2016-04-08

Yuri,

This is how I found the ops-console.log and AdminServer.log on my lab system:

login as: emcsrv
emcsrv@cs-appliance3-01.na.rsa.net's password: <enter OS user password>
Last login: Fri Apr 8 09:23:18 2016 from 10.96.48.168
-bash-3.00$ sudo su - rsaadmin
Password: <enter OS user password>
-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/imsoc/logs
-bash-3.00$ ls -al ops-console.log
-rwxrwxrwx 1 rsaadmin rsaadmin 1859472 Aug 27 2015 ops-console.log

-bash-3.00$ cd /usr/local/RSASecurity/RSAAuthenticationManager/server/logs

-bash-3.00$ ls -al AdminServer.log

-rw------- 1 rsaadmin rsaadmin 4440040 Apr 8 11:00 AdminServer.log

If you don't see the files that way, what happens if you cd to /usr/local/RSASecurity/RSAAuthenticationManager and run this command?

find . -name <filename> -print

As I mentioned the R210 can be upgraded from 3.0 to 8.1, if you want to stay with the hardware option. If you want to move to virtual servers, you can do that too. Please review the RSA Authentication Manager 8.1 Migration Overview for some general information on the migration. The RSA Authentication Manager 8.1 Migration Resources page has links for all of the Authentication Manager 8.1 documentation, links to request a trial license, to download software, the SP1 service pack and recent patches, as well as some helpful videos that go through the migration step by step.

Regards,

Erica.

YuryMakarov · ‎2016-04-11

Erica,

Thank you for your help!

I found the log files

The ops-console.log log file is empty

The AdminServer.log mistake is not specified

YuryMakarov · ‎2016-04-11

NMap tool showed me that the operation-console ports are closed 7071, 7072

_EricaChalfin · ‎2016-04-11

Yury,

From an SSH session, try running /etc/init.d/iptables stop then try again.

Also, cd to /usr/local/RSASecurity/AuthenticationManager/server and run the following command: ./rsaam status all and posting the output.

Regards,

Erica

YuryMakarov · ‎2016-04-11

Erica,

I executed command iptables stop, nothing changed

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

All services in status RUNNING, exept RSA Authentication Manager Radius

ChristopherSalv · ‎2016-04-11

Hello Yury,

You should only be using Internet Explorer when trying to access the admin pages. Chrome and Firefox will complain about the ssl security being weak and unsecure. That's a side effect of using 7.1.4 ( no longer supported as I'm sure you are aware )

Radius will show as stopped until you configure it in the security console so that's normal.

If you stopped the firewall and you still cannot get to the admin pages, that means the local firewall ( iptables ) is not the issue. Do you use a web proxy in your browser, or have a firewall in between your workstation and the AM server? If so make sure the required ports are open between the two. If I had to guess based on what you've noted, I think a firewall is present and blocking ports.

On a side note, I can see you are asking about upgrading to 8.1. There is no upgrade per say, you will need to re-image the appliance with the 8.1 iso file, which can be downloaded from your downloads page here at RSA. This will wipe the drive clean, and install AM 8.1 base.

One important question I have for you would be, are you currently using 7.1.4 in production and wish to get to the latest version via migration/upgrade?

YuryMakarov · ‎2016-04-11

Christopher,

Of course I use Internet Explorer to access the admin pages.

I am do not have a firewall in between my workstation and the AM server.

Moreover, I connected directly to the workstation and server,

but it remains unchanged, the administrator page is not available.

Under what conditions can I get the update to version 8.1 if I have PowerEdge R210?

Can I get an update for free and suitable if I have a license available

SecurID® Discussions

Error 404-not Found

RSA Authentication Manager

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

SecurID^® Discussions