This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

'Database and Web are outside time buffer (15 seconds)' error when starting RSA Identity Governance & Lifecycle

Article Number

000037062

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.x
 

Issue

The RSA Identity Governance & Lifecycle server fails to start (or restart) with the following message:
 
$ acm status
● aveksa_server.service - Aveksa Server
Loaded: loaded (/etc/systemd/system/aveksa_server.service; enabled; vendor preset: disabled)
Active: failed since Fri 2018-12-28 14:03:06 EST; 3 s ago
Process: 22611 ExecStop=/etc/init.d/aveksa_server stop (code=exited, status=0/SUCCESS)
Process: 23000 ExecStart=/etc/init.d/aveksa_server start (code=exited, status=1/FAILURE)
Main PID: 23000 (code=exited, status=0/SUCCESS)
Dec 28 14:02:11 acm-710 su[24315]: aveksa_server [24315]: verifying Oracle and system time match …
Dec 28 14:02:36 acm-710 su[24521]: (to oracle) root on none
Dec 28 14:02:36 acm-710 su[24521]: aveksa_server [24315] Database and Web are outside time buffer ( 15 seconds )
Dec 28 14:03:00 acm-710 su[24686]: aveksa_server [24315] Database: 12-28-2018 14:03:03 -0600 < Web : 12-28-2018 14:04:43 -0600
Dec 28 14:03:00 acm-710 su[24686]: aveksa_server [24315] [ Startup Failed]
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Main process started, code=existed, status=1/FAILURE
Dec 28 14:03:06 acm-710 aveksa_server[23000]: Failed to start Aveksa Server
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Unit entered failed state:
Dec 28 14:03:06 acm-710 aveksa_server[23000]: aveksa_server.service: Failed with result ‘exit-code’:

 

Cause

This is by design. The server is prevented from starting if the time on the Application server and the time on the Oracle database server are off by more than 15 seconds.
 

Resolution

This may occur when a remote database is in use and the time on the Oracle database server is different than the time on the Application server. More specifically, since the machine time is set by the Network Time Protocol (NTP) service, this means that the time is being reported incorrectly by one of the NTP servers.   Run the ntpq command on both the Application server and the Oracle database server to identify which server is reporting the wrong time.
  
acm-710:~ # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 perturb.org     .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 

The ntpq command also returns the name of the NTP server used by the machine. As a best practice, use the same NTP source for both the Application server and for the Oracle database server wherever possible. This will ensure that both machines are in sync should one of the NTP sources be unreliable.


 

Workaround

RSA does not recommend working around this issue by adjusting the machine time.


 

Notes

Note that on an RSA Identity Governance & Lifecycle software appliance with an external database, the customer is responsible for ensuring the operating system and machine are configured correctly. If there are issues identifying a definitive NTP source for time synchronization, the customer should defer to their IT department for guidance.
 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 11:43 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.