This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Clean up unresolvable users fails due to timeout in RSA Authentication Manager 8.x

Article Number

000030800

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
 

Issue

The option to clean up unresolvable users fails with an error.

Log file reports a time out:
2015-03-02 05:37:24,881, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (GenericAccessSQL.java:141), trace.com.rsa.ims.admin.dal.sql.GenericAccessSQL, ERROR, loninrsap04.uk.db.com,,,,Error performing action: SystemActionKey[READ_PRINCIPAL]
java.sql.SQLException: The transaction is no longer active - status: 'Rolled back. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 600 seconds
BEA1-0E9C366C88FD4262E80E]'. No further JDBC access is allowed within this transaction.
at weblogic.jdbc.wrapper.JTSConnection.checkIfRolledBack(JTSConnection.java:198)
at weblogic.jdbc.wrapper.JTSConnection.checkConnection(JTSConnection.java:210)
at weblogic.jdbc.wrapper.JTSConnection.prepareStatement(JTSConnection.java:546)
at com.rsa.ims.instrumentation.monitor.InstrumentedConnectionProxy.prepareStatement(InstrumentedConnectionProxy.java:197)
at com.rsa.ims.common.database.SavePointConnectionProxy.prepareStatement(SavePointConnectionProxy.java:146)
at com.rsa.ims.admin.dal.sql.PrincipalAccessSQL.lookupDataAttribute(PrincipalAccessSQL.java:2563)
at com.rsa.ims.admin.iscleanup.resolution.SuccessfulResolution.finish(SuccessfulResolution.java:36)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.finishContext(IdentitySourceCleanupControllerImpl.java:254)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.trustedResolvePrincipals(IdentitySourceCleanupControllerImpl.java:233)
at com.rsa.ims.admin.iscleanup.impl.IdentitySourceCleanupControllerImpl.resolvePrincipals(IdentitySourceCleanupControllerImpl.java:160)
at com.rsa.admin.GetUnresolvablePrincipalsCommand$Executive.performExecute(GetUnresolvablePrincipalsCommand.java:388)
at com.rsa.admin.GetUnresolvablePrincipalsCommand.performExecute(GetUnresolvablePrincipalsCommand.java:337)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:121)

Cause

The parameter com.rsa.admin.GetUnresolvablePrincipalCommand is used internally to get a list of unresolvable principles and this command has timed out while retrieving the list of principles in current environment.

Resolution

To increase the time out for the parameter com.rsa.admin.GetUnresolvablePrincipalCommand the following steps can be performed by an administrator at the command line.
  1. Logon to the SecurID Appliance either with an SSH session or at the local console.
  2. Retrieve the password for the rsa_dba user using the following command:
/opt/rsa/am/rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>
  1. Login to the database:
    rsaadmin@marge:/opt/rsa/am/utils> /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba
    Password for user rsa_dba:
    psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
    Type "help" for help.
    db=#
  1. At the db=# prompt, enter the following SQL statements can be used to check if the global parameter exists before inserting the parameter into the primary instance:
db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
                id                | instance_id     |        name |                     value
----------------------------------+------------------+---------------------+-------------------------------
248ecb9c031d2c0a00780ca2b20d7326  | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0  | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
(2 rows)
db=#

  1. Insert the following parameter into the database:

    db=#INSERT INTO RSA_REP.IMS_CONFIG_VALUE (id, instance_id, name, value) values (‘5c98277231ac640a012bbbf733e99a1’, ‘0000-Global-0000’, ‘ims.command.timeout’, ‘com.rsa.admin.GetUnresolvablePrincipalsCommand,3600’);
    INSERT 1
    db=#

  2. Confirm that the insert worked:
db=# SELECT * FROM RSA_REP.IMS_CONFIG_VALUE WHERE name = 'ims.command.timeout';
id | instance_id | name | value
----------------------------------+------------------+---------------------+----------------------------------------------------------------------
248ecb9c031d2c0a00780ca2b20d7326 | 0000-Global-0000 | ims.command.timeout | com.rsa.batchjob.DeleteBatchJobCommand,3600
5c98277231ac640a0124bbbf733e99a0 | 0000-Global-0000 | ims.command.timeout | com.rsa.authmgr.admin.acemigrate61.Migrate61PreMigrationCommand,5000
5c98277231ac640a012bbbf733e99a1 | 0000-Global-0000 | ims.command.timeout | com.rsa.admin.GetUnresolvablePrincipalsCommand,3600
(3 rows)
db=#
  1. Quit the database:
db=# \q
  1. Restart the Authentication Manager services:
/opt/rsa/am/server/rsaserv restart all

Notes


 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 12:37 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.