Article Number
000030800
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
The option to clean up unresolvable users fails with an error.
The log file reports a timeout:
2015-03-02 05:37:24,881, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (GenericAccessSQL.java:141), trace.com.rsa.ims.admin.dal.sql.GenericAccessSQL, ERROR, loninrsap04.uk.db.com,,,,Error performing action: SystemActionKey[READ_PRINCIPAL]
java.sql.SQLException: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 600 seconds
BEA1-0E9C366C88FD4262E80E]'. No further JDBC access is allowed within this transaction.
at weblogic.jdbc.wrapper.JTSConnection.checkIfRolledBack(JTSConnection.java:198)
at weblogic.jdbc.wrapper.JTSConnection.checkConnection(JTSConnection.java:210)
at weblogic.jdbc.wrapper.JTSConnection.prepareStatement(JTSConnection.java:546)
at com.rsa.ims.instrumentation.monitor.InstrumentedConnectionProxy.prepareStatement(InstrumentedConnectionProxy.java:197)
at com.rsa.ims.common.database.SavePointConnectionProxy.prepareStatement(SavePointConnectionProxy.java:146)
at com.rsa.ims.admin.dal.sql.PrincipalAccessSQL.lookupDataAttribute(PrincipalAccessSQL.java:2563)
at com.rsa.ims.admin.iscleanup.resolution.SuccessfulResolution.finish(SuccessfulResolution.java:36)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.finishContext(IdentitySourceCleanupControllerImpl.java:254)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.trustedResolvePrincipals(IdentitySourceCleanupControllerImpl.java:233)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.resolvePrincipals(IdentitySourceCleanupControllerImpl.java:160)
at com.rsa.admin.GetUnresolvablePrincipalsCommand$Executive.performExecute(GetUnresolvablePrincipalsCommand.java:388)
at com.rsa.admin.GetUnresolvablePrincipalsCommand.performExecute(GetUnresolvablePrincipalsCommand.java:337)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121)
Cause
Authentication Manager uses the command com.rsa.admin.GetUnresolvablePrincipalsCommand internally to get the list of unresolvable principals. This command timed out while retrieving the list of principals in the current environment.
Resolution
To increase the timeout for com.rsa.admin.GetUnresolvablePrincipalsCommand, an administrator can perform the following steps at the command line.
- Log on to the SecurID Appliance, either over an SSH session or at the local console.
- Retrieve the password for the rsa_dba user using the following command:
/opt/rsa/am/rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>
- Log in to the database:
rsaadmin@marge:/opt/rsa/am/utils> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba
Password for user rsa_dba:
psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
db=#
- At the db=# prompt, use the following SQL statement to check whether the global parameter already exists before inserting the parameter into the primary instance:
db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
id | instance_id | name | value
----------------------------------+------------------+---------------------+-------------------------------
248ecb9c031d2c0a00780ca2b20d7326 | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0 | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
(2 rows)
db=#
- Insert the following parameter into the database:
db=# INSERT INTO RSA_REP.IMS_CONFIG_VALUE (id, instance_id, name, value) VALUES ('5c98277231ac640a012bbbf733e99a1', '0000-Global-0000', 'ims.command.timeout', 'com.rsa.admin.GetUnresolvablePrincipalsCommand,3600');
INSERT 1
db=#
- Confirm that the insert worked:
db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
id | instance_id | name | value
----------------------------------+------------------+---------------------+----------------------------------------------------------------------
248ecb9c031d2c0a00780ca2b20d7326 | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0 | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
5c98277231ac640a012bbbf733e99a1 | 0000-Global-0000 | ims.command.timeout | com.rsa.admin.GetUnresolvablePrincipalsCommand,3600
(3 rows)
db=#
- Quit the database:
db=# \q
- Restart the Authentication Manager services:
/opt/rsa/am/server/rsaserv restart all
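The following triage helper is an added example, not RSA code: it reads a log in the format shown under Issue, extracts which command timed out and after how many seconds, and checks it against the ims.command.timeout values ("class,seconds") returned by the SELECT above. The function names, the sample host name and the rule that the first com.rsa ...Command.performExecute frame identifies the command are assumptions made for this example.

```python
import re

# Constructed sample, abridged from the trace format shown in this article.
SAMPLE_LOG = """\
2015-03-02 05:37:24,881, [[ACTIVE] ExecuteThread: '4'], (GenericAccessSQL.java:141), ERROR, am.example.test,,,,Error performing action: SystemActionKey[READ_PRINCIPAL]
java.sql.SQLException: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 600 seconds
at weblogic.jdbc.wrapper.JTSConnection.checkIfRolledBack(JTSConnection.java:198)
at com.rsa.ims.admin.dal.sql.PrincipalAccessSQL.lookupDataAttribute(PrincipalAccessSQL.java:2563)
at com.rsa.admin.GetUnresolvablePrincipalsCommand$Executive.performExecute(GetUnresolvablePrincipalsCommand.java:388)
at com.rsa.admin.GetUnresolvablePrincipalsCommand.performExecute(GetUnresolvablePrincipalsCommand.java:337)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121)
"""

RECORD_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+")
TIMEOUT_RE = re.compile(r"Transaction timed out after (\d+) seconds")
# Assumption: the first com.rsa ...Command.performExecute frame names the command.
FRAME_RE = re.compile(r"^\s*at (com\.rsa\.[\w.]+Command)(?:\$\w+)?\.performExecute\(")

def find_timed_out_commands(log_text):
    """Return [(command_class, seconds)] for each timed-out transaction."""
    results, pending = [], None
    for line in log_text.splitlines():
        if RECORD_RE.match(line):
            pending = None          # new log record: drop any unmatched timeout
        timeout = TIMEOUT_RE.search(line)
        if timeout:
            pending = int(timeout.group(1))
            continue
        frame = FRAME_RE.match(line)
        if frame and pending is not None:
            results.append((frame.group(1), pending))
            pending = None          # inner-class and outer frames repeat the name
    return results

def parse_overrides(config_values):
    """Map command class -> seconds from 'class,seconds' config values."""
    overrides = {}
    for value in config_values:
        cls, _, secs = value.strip().rpartition(",")
        if cls and secs.isdigit():
            overrides[cls] = int(secs)
    return overrides

def triage(log_text, config_values):
    """List timed-out commands with their existing override (None if no row)."""
    overrides = parse_overrides(config_values)
    return [{"command": cls, "timed_out_after": secs, "override": overrides.get(cls)}
            for cls, secs in find_timed_out_commands(log_text)]
```

An entry whose override is None has no ims.command.timeout row yet and is a candidate for the insert described in the Resolution steps.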
Notes