This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Error "System was modified beyond the allowed threshold, cannot decrypt" on RSA Authentication Manager 8.x

Article Number

000039704

Applies To

Applies To

RSA Product Set: SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition: 8.x

Issue

  • RSA Authentication manager fails to boot as usual and errors "com.rsa.ims.security.keymanager.sys.SystemModificationThresholdException: System was modified beyond the allowed threshold, cannot decrypt." during RSA Authentication Manager 8.x bootup 

Image descriptionImage description
  • RSA Authentication Manager services fail to start 
  • RSA Authentication Manager Server does not allow reverting to default certificate.
Image descriptionImage description

Cause

The RSA Authentication Manager 8.x software knows the hardware (or virtual hardware) on which it is installed, so moving the virtual appliance from one ESX host to another (with regards to a VMware environment) will cause a problem with the Authentication Manager system fingerprint. The most common change is the MAC address of the virtual network card.

Resolution

An administrator is required to use the command rsautil manage-secrets –a recover to reset the system fingerprint.

Using the steps in 000038244 - SSH to an RSA Authentication Manager server, use the rsaadmin account to logon to the operating system hosting the Authentication Manager instance. 
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system user password>
Last login: Thu May 20 09:18:20 2021 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
  1. Go to /opt/rsa/am/utils.
  2. Use the command ./rsautil manage-secrets –a recover to restore the system fingerprint.
rsaadmin@am85:> cd /opt/rsa/am/utils
rsaadmin@am85:/opt/rsa/am/utils> ./rsautil manage-secrets -a recover
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
Machine fingerprint restored successfully.
  1. Go to /opt/rsa/am/server and restart all RSA Authentication Manager services for the change to take effect How to stop, start, and restart RSA Authentication Manager 8.x services at the command line
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-06-01 11:29 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.