The RSA Identity Governance & Lifecycle server fails to start (or restart) with the following message:
$ acm status
● aveksa_server.service - Aveksa Server
   Loaded: loaded (/etc/systemd/system/aveksa_server.service; enabled; vendor preset: disabled)
   Active: failed since Fri 2018-12-28 14:03:06 EST; 3 s ago
  Process: 22611 ExecStop=/etc/init.d/aveksa_server stop (code=exited, status=0/SUCCESS)
  Process: 23000 ExecStart=/etc/init.d/aveksa_server start (code=exited, status=1/FAILURE)
 Main PID: 23000 (code=exited, status=0/SUCCESS)

Dec 28 14:02:11 acm-710 su: aveksa_server : verifying Oracle and system time match …
Dec 28 14:02:36 acm-710 su: (to oracle) root on none
Dec 28 14:02:36 acm-710 su: aveksa_server  Database and Web are outside time buffer ( 15 seconds )
Dec 28 14:03:00 acm-710 su: aveksa_server  Database: 12-28-2018 14:03:03 -0600 < Web : 12-28-2018 14:04:43 -0600
Dec 28 14:03:00 acm-710 su: aveksa_server  [ Startup Failed]
Dec 28 14:03:06 acm-710 aveksa_server: aveksa_server.service: Main process started, code=existed, status=1/FAILURE
Dec 28 14:03:06 acm-710 aveksa_server: Failed to start Aveksa Server
Dec 28 14:03:06 acm-710 aveksa_server: aveksa_server.service: Unit entered failed state:
Dec 28 14:03:06 acm-710 aveksa_server: aveksa_server.service: Failed with result ‘exit-code’:
This is by design. The server is prevented from starting if the time on the Application server and the time on the Oracle database server are off by more than 15 seconds.
This may occur when a remote database is in use and the time on the Oracle database server differs from the time on the Application server. More specifically, since the machine time is set by the Network Time Protocol (NTP) service, this means that the time is being reported incorrectly by one of the NTP servers. Run the ntpq command on both the Application server and the Oracle database server to identify which server is reporting the wrong time.
acm-710:~ # ntpq -p
remote       refid   st  t  when  poll  reach  delay  offset  jitter
perturb.org  .INIT.  16  u  -     1024  0      0.000  0.000   0.000
The ntpq command also returns the name of the NTP server used by the machine. As a best practice, use the same NTP source for both the Application server and for the Oracle database server wherever possible. This will ensure that both machines are in sync should one of the NTP sources be unreliable.
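The following script is an added example, not RSA's code: it reads ntpq -p output and reports whether the host is actually synchronized, so the same check can be run on both the Application server and the Oracle database server. The function name, the sample variables, the constructed "synced" sample, and the 1000 ms default offset limit are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Live use on each host:  ntpq -p | check_ntpq 1000

# check_ntpq [MAX_OFFSET_MS] -- reads `ntpq -p` text on stdin.
# Prints one verdict per peer; returns 0 only if a peer is selected ("*"),
# has been reached, and its offset is within MAX_OFFSET_MS (assumed default).
check_ntpq() {
    awk -v max="${1:-1000}" '
        # Skip the header row, the ===== separator, and malformed lines.
        $1 == "remote" || /^=+$/ || NF != 10 { next }
        {
            selected = ($1 ~ /^\*/)   # "*" marks the peer ntpd is synced to
            reach = $7                # octal register of the last 8 polls
            st = $3 + 0               # stratum; 16 means unsynchronized
            off = $9 + 0              # offset in milliseconds
            if (off < 0) off = -off
            if (reach == "0")    why = "never reached (reach=0)"
            else if (st >= 16)   why = "unsynchronized (stratum 16)"
            else if (!selected)  why = "reachable but not the selected peer"
            else if (off > max)  why = "selected, but offset " $9 " ms exceeds limit"
            else { why = "selected and within limit"; good = 1 }
            printf "%-24s %s\n", $1, why
        }
        END { exit good ? 0 : 1 }
    '
}

# Sample 1: the ntpq output shown in this article (whitespace normalized).
SAMPLE_UNSYNCED='remote refid st t when poll reach delay offset jitter
perturb.org .INIT. 16 u - 1024 0 0.000 0.000 0.000'

# Sample 2: constructed for this example (documentation names and addresses).
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.net 192.0.2.10      2 u   33   64  377    1.204    2.117   0.410
+ntp2.example.net 192.0.2.11      2 u   40   64  377    1.530   -1.002   0.380'

printf '%s\n' "$SAMPLE_UNSYNCED" | check_ntpq \
    || echo "-> host is not synchronized; correct its NTP source first"
printf '%s\n' "$SAMPLE_SYNCED" | check_ntpq \
    && echo "-> host is synchronized"
```

In the article's output, the refid .INIT., stratum 16 and reach 0 together show that this host has never received a reply from its configured NTP server, so its clock is free-running.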
RSA does not recommend working around this issue by adjusting the machine time.
Note that on an RSA Identity Governance & Lifecycle software appliance with an external database, the customer is responsible for ensuring the operating system and machine are configured correctly. If there are issues identifying a definitive NTP source for time synchronization, the customer should defer to their IT department for guidance.