Article Number
000029022
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Symptoms
- When trying to run the sync-tokens command with a super admin account, an access denied message is displayed.
- The super admin credentials, along with the other parameters, are entered on a single command line. For example:
./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o /var/tmp/tokens.log -a -l
- The super admin user can run ./rsautil manage-oc-administrators with the same super admin account.
- The /opt/rsa/am/utils/logs/imsCluTrace.log file shows the following error:
@@@2014-11-07 10:19:32,929, [Main Thread], (EJBRemoteTargetBase.java:178), trace.com.rsa.command.EJBRemoteTargetBase, ERROR,SecurID.xxxxxx.com,,,,Exception during command execution.
com.rsa.authn.AuthenticationCommandException: Access Denied
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_1211_WLStub.executeCommand(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy0.executeCommand(Unknown Source)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:251)
at com.rsa.command.EJBRemoteTargetBase$CommandExecutor.run(EJBRemoteTargetBase.java:1)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66)
at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297)
at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611)
at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
at com.rsa.command.ConnectionFactory.connect(ConnectionFactory.java:456)
at com.rsa.authmgr.admin.tools.SyncTokens.login(SyncTokens.java:66)
at com.rsa.authmgr.admin.tools.SyncTokens.main(SyncTokens.java:181)
Caused by: com.rsa.authn.AuthenticationCommandException: Access Denied
at com.rsa.authn.LoginCommand$Executive.execute(LoginCommand.java:775)
at com.rsa.authn.LoginCommand.performExecute(LoginCommand.java:679)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119)
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373)
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:696)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Cause
The error shown in /opt/rsa/am/utils/logs/imsCluTrace.log indicates that incorrect credentials were entered. Because the password is passed as a parameter on the command line, special characters in it, such as $, are interpreted by the shell before rsautil receives them. The password that is submitted then differs from the real one, which causes unexpected errors.
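The following shell sketch reproduces the cause described above. It is an added example, not RSA code: received_password is a hypothetical stand-in for rsautil, needs_quoting is a hypothetical helper, and the password is a constructed sample.

```shell
#!/bin/sh
# Stand-in for rsautil (hypothetical helper): prints the value that arrives
# after -p, i.e. the password the tool would actually submit.
received_password() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-p" ] && [ "$#" -ge 2 ]; then
            printf '%s' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# 'Adm1n$Sync2014' is a constructed sample password, not a real credential.
# Unquoted: the shell expands $Sync2014 (an unset variable) to nothing.
typed_unquoted() {
    unset Sync2014
    received_password -u admin -p Adm1n$Sync2014 -o /var/tmp/tokens.log -a -l
}

# Double quotes do not help: parameter expansion still happens inside them.
typed_double_quoted() {
    unset Sync2014
    received_password -u admin -p "Adm1n$Sync2014" -o /var/tmp/tokens.log -a -l
}

# Single quotes pass every character through unchanged.
typed_single_quoted() {
    received_password -u admin -p 'Adm1n$Sync2014' -o /var/tmp/tokens.log -a -l
}

# Returns 0 when a value holds a character the shell rewrites or acts on
# unless the value is single-quoted.
needs_quoting() {
    case "$1" in
        *'$'*|*'`'*|*'\'*|*'"'*|*"'"*|*' '*|*'!'*|*'&'*|*'|'*) return 0 ;;
        *';'*|*'<'*|*'>'*|*'('*|*')'*|*'*'*|*'?'*|*'#'*) return 0 ;;
        *) return 1 ;;
    esac
}

printf 'unquoted:      %s\n' "$(typed_unquoted)"
printf 'double-quoted: %s\n' "$(typed_double_quoted)"
printf 'single-quoted: %s\n' "$(typed_single_quoted)"
```

A password passed with -p is also recorded in shell history and is visible in the process list while the command runs; the interactive mode avoids both.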
Resolution
Do not provide super admin credentials on the command line; instead, run the sync-tokens command in interactive mode. For example:
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil sync-tokens -I
Authenticator Bulk Synchronization Utility 8.2.1.8.0 (1398219)
Copyright (C) 1994 - 2016 EMC Corporation. All Rights Reserved.
Enter the absolute path for the output report file : /tmp/tokensync.txt
Enter the base security domain name for recursive search [(none)]: none
Enter the type of token selection [ (all) | file ]: all
Choose a token filter [ assigned | unassigned | (both) ]: both
What action do you wish to perform? [ (list) | modify ]: list
Enter administrator user ID : administrator
Enter administrative password : *********