Upgrading to SP1 on the RSA Authentication Manager 8.2 fails at the RADIUS configuration step and the rollback fails as well.The server becomes completely unusable.
The Update-8.2.1 log file (available from the Operations Console under Maintenance > Update & Rollback by clicking on the View Details link), shows the following errors:
Configuration step RadiusOCConfig.configureActualRADIUSServerUpgrade [FAILED] and "com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout".
----
----
[exec] 125407 2017-10-08 06:40:38,259 FATAL:
[exec] The RADIUS server never successfully responded after 2 minutes of trying: com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout
[exec] java.lang.AssertionError: The RADIUS server never successfully responded after 2 minutes of trying: com.rsa.authmgr.radius.exception.RadiusSystemException: Unable to connect to RADIUS server within the given timeout
[exec] at com.rsa.plugins.install.CommandLineInstallEngine.fail(CommandLineInstallEngine.groovy:282)
[exec] at com.rsa.plugins.install.CommandLineInstallEngine$fail.call(Unknown Source)
[exec] at com.rsa.plugins.install.GroovyInstallEngine.fail(GroovyInstallEngine.groovy:31)
[exec] at com.rsa.plugins.install.GroovyInstallEngine$_buildScriptEnvironment_closure5.doCall(GroovyInstallEngine.groovy:159)
[exec] at ServiceControl.waitForRadiusToStart(ServiceControl.groovy:375)
[exec] at ServiceControl.startRadius(ServiceControl.groovy:298)
[exec] at ServiceControl.startRadius(ServiceControl.groovy)
[exec] at ServiceControl$startRadius.call(Unknown Source)
[exec] at RadiusOCConfig.configureActualRADIUSServerUpgrade(RadiusOCConfig.groovy:655)
[exec] at com.rsa.plugins.install.GroovyInstallEngine.invokeScript(GroovyInstallEngine.groovy:68)
[exec] at com.rsa.plugins.install.GroovyInstallEngine$_runTask_closure2.doCall(GroovyInstallEngine.groovy:57)
[exec] at com.rsa.plugins.install.GroovyInstallEngine.runTask(GroovyInstallEngine.groovy:56)
[exec] at com.rsa.plugins.install.GroovyInstallEngine$_runTasks_closure3.doCall(GroovyInstallEngine.groovy:106)
[exec] at com.rsa.plugins.install.GroovyInstallEngine.runTasks(GroovyInstallEngine.groovy:105)
[exec] at com.rsa.plugins.install.GroovyInstallEngine$runTasks.call(Unknown Source)
[exec] at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40)
[exec] Configuration step RadiusOCConfig.configureActualRADIUSServerUpgrade [FAILED]
-----
-----
at com.rsa.plugins.install.CommandLineInstallEngine.main(CommandLineInstallEngine.groovy:40) Configuration step UpdateRollback:update [FAILED]
[ERROR] Error: Failed to invoke update engine: Failed to apply the update. java.lang.Exception: Failed to apply the update.
The RADIUS date.log, located in /opt/rsa/am/radius and named in the format of yyyymmdd.log (e. g., 20180119.log) shows the following errors:
10/08/2017 06:38:38 Version: v6.23.2 10/08/2017 06:38:38 Process ID of daemon is 27892
10/08/2017 06:38:38 Successfully transferred initial_admin_account.dat to vdb
10/08/2017 06:38:38 No administrative users found in /opt/rsa/am/radius/access.ini 10/08/2017 06:38:38 No administrative groups found in /opt/rsa/am/radius/access.ini 10/08/2017 06:38:38 IPv6 enabled
10/08/2017 06:38:38 Auto-configuring server IPv4 addresses
10/08/2017 06:38:38 Configured server IP address: xx.xx.1xx.yy7
10/08/2017 06:38:38 Auto-configuring server IPv6 addresses
10/08/2017 06:38:38 Initialization Warning - could not determine IPv6 address for this host, DNS returned no usable addresses 10/08/2017 06:38:39 Successfully created and closed saved-dcts.bin
10/08/2017 06:38:39 Evaluation period will expire on 2018-03-07
10/08/2017 06:38:39 Licensed for Enterprise Edition
10/08/2017 06:38:39 Failure encountered in attempt to read IP address for RAS client abc-xxS323.xyz.abs.com from the database
10/08/2017 06:38:39 Failed to initialize CRasClients object for RAS clients 10/08/2017 06:38:39 Unable to initialize RAS client database cache
10/08/2017 06:38:39 Failed to initialize Radius administration infrastructure
10/08/2017 06:38:39 Initialization failure, server shutting down
10/08/2017 06:38:39 Server shut down after failure -----
10/08/2017 06:48:37 Version: v6.23.2
10/08/2017 06:48:37 Process ID of daemon is 6134 10/08/2017 06:48:37 No administrative users found in /opt/rsa/am/radius/access.ini 10/08/2017 06:48:37 No administrative groups found in /opt/rsa/am/radius/access.ini
10/08/2017 06:48:37 Auto-configuring server IPv4 addresses
10/08/2017 06:48:37 Configured server IP address: xx.xx.1xx.yy7
10/08/2017 06:48:37 Successfully restored dictionary information from saved dict file
10/08/2017 06:48:37 Evaluation period will expire on 2018-03-07
10/08/2017 06:48:37 Licensed for Enterprise Edition
10/08/2017 06:48:37 Failure encountered in attempt to read IP address for RAS client abc-xxS323.xyz.abs.com from the database rsaadmin@phx-rsaprm-001:/opt/rsa/am/radius>
The upgrade fails because the installation script fails to find the IP address of a RADIUS client. The RADIUS client is configured without an IP address in the Authentication Manager database.
- Gather the RADIUS date.log file by either:
- From the Operations Console select Administration > Download Troubleshooting Files.
- Under Select Items, choose Authentication Manager log files and define a date range, ensuring it includes the date the upgrade was attempted.
- Create a password and confirm it.
- Click Generate and Download Zip file.
- Using the password, open the .zip file then extract the RADIUS date.log.
- Open an SSH session or direct connection to the Authentication Manager server, navigate to /opt/rsa/am/radius.
- Locate the RADIUS date.log from the date the upgrade was attempted and open with vi or using WInSCP, copy it to your local machine.
- Open the RADIUS date.log file.
- Look for the error that suggests that the upgrade is failing to get the IP address of the RADIUS client:
Failure encountered in attempt to read IP address for RAS client xxS323.xyz.abs.com from the database.
- Restore the Authentication Manager 8.2 server from a snapshot.
- Log on to Security Console.
- Navigate to RADIUS > RADIUS Clients > Manage Existing.
- Search for the RADIUS client that appeared in the RADIUS date.log from step 3.
- Click on the context arrow and select Edit.
- You will notice that the IP address field is blank. Add the valid IP address for RADIUS client and click Save.
- Take a snapshot of the server.
- Perform the SP1 upgrade in the Operations Console. This time the upgrade will be successful.