Article Number
000067912
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.6
Issue
If trusted root certificate except default is imported, "Internal Replication Error" occurs after AM8.6 upgrades.
(e.g.)
Image description
Cause
Because a duplicate error occurs when trying to replicate a certificate that has already been reflected on the replica side from the primary side again.
Resolution
Removing the trusted root certificate on replica side.
Workaround
1. Upgrade both primary and replica to 8.6.
2. Check the replication, if it failed with the related to trusted root certificate (e.g. cert_RADIUS-Root-Cert.der), then login to the database on each REPLICA, run like this command:
delete from ims_certificates where name='cert_RADIUS-Root-Cert.der' and purpose ='RADIUS_TRUST_CERT' and ref_id ='NULL';
3. Then login to PRIMARY database, run this sql:
update RSA_REP.IMS_INSTANCE set deployed_state='out_of_sync' where is_primary='FALSE';
4. Then you should be able to synch the primary to replica in OC.
Notes
The upgrade from AM8.5 to AM8.6 changes the RADIUS from SBR to FreeRADIUS, and the upgrade kit reflects the imported trusted root certificate on the replica side also during the migration process. After the upgrade is completed then reboots, the replica side already has the imported trusted root certificate, which causes a double error for the trusted root certificate then replication status becomes Internal replication error.
You can see the similar messages into ReplicaReplication.log.
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "uk_ims_certificates" Detail: Key (name, purpose, ref_id)=(cert_RADIUS-Root-Cert.der, RADIUS_TRUST_CERT, NULL) already exists. |
There is no Migration process from AM8.6 to AM8.7, so even if the trusted root certificate has already been imported, there will be no problem in replication after the upgrade.