Article Number
000033006
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.x
Issue
An administrator has hit the Update button to push a recent update to the web tier instance and the status remains as:
Updating in progress
Task
There are some initial tasks an administrator can perform before collecting data from the web tier instance.
- Check name resolution on the web tier and Authentication Manager instances using the nslookup command. Confirm that the fully qualified hostname of every Authentication Manager and web tier instance resolves successfully. For example:
[root@rh6-webtier-01 ~]# nslookup am81p.corp.net
Server: 192.168.2.105
Address: 192.168.2.105#53
Name: am81p.corp.net
Address: 192.168.2.150
[root@rh6-webtier-01 ~]#
- Check on the web tier instance for the presence of a listener on port 443/tcp, for example:
[root@rh6-webtier-01 ~]# netstat -ano | grep 443
tcp 0 0 192.168.100.150:443 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:443 0.0.0.0:* LISTEN off (0.00/0/0)
[root@rh6-webtier-01 ~]#
- Check on the Authentication Manager instance for the presence of a listener on port 7022/tcp; for example:
rsaadmin@am81p:~> netstat -ano | grep 7022
tcp 0 0 ::1:7022 :::* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:7022 :::* LISTEN off (0.00/0/0)
tcp 0 0 fe80::250:56ff:fe0:7022 :::* LISTEN off (0.00/0/0)
tcp 0 0 192.168.2.150:7022 :::* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.2:7022 :::* LISTEN off (0.00/0/0)
- Check that the web tier instance can communicate with the 7022/tcp listener on the preferred Authentication Manager instance. On web tier deployments where the host operating system is Red Hat Enterprise Linux, use the command openssl s_client -connect <Authentication Manager IP Address>:7022, where <Authentication Manager IP Address> is the IP address of the Authentication Manager instance.
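The checks above, combined into one script to run on the web tier host. This is an added example, not RSA tooling; the function names, the file name precheck.sh and the sample lines are assumptions made for illustration. It matches the port exactly in the local-address column, because a plain grep 443 also matches 8443 or an outbound connection to port 443.

```shell
#!/usr/bin/env bash
# Added example (not RSA tooling): the Task checks with exact port matching.

# Constructed sample: line 1 is the page's web tier output; lines 2-3 are
# made-up lines that a plain `grep 443` would also match.
SAMPLE_NETSTAT='tcp 0 0 192.168.100.150:443 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 192.168.100.150:51544 192.168.2.77:443 ESTABLISHED off (0.00/0/0)'

# listeners PORT: read `netstat -ano` output on stdin and print the local
# addresses in LISTEN state whose port is exactly PORT.
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")   # port follows the last colon (IPv4 and IPv6)
            if (part[n] == port) print $4
        }'
}

# resolved_addr: read nslookup output on stdin and print the first answer
# address, skipping the "Address:" line that belongs to the DNS server.
resolved_addr() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { print $NF; exit }'
}

# main AM_FQDN AM_IP: run the three checks from the web tier host.
main() {
    am_fqdn=$1; am_ip=$2; rc=0
    addr=$(nslookup "$am_fqdn" 2>/dev/null | resolved_addr)
    if [ -n "$addr" ]; then echo "OK   $am_fqdn resolves to $addr"
    else echo "FAIL $am_fqdn does not resolve"; rc=1; fi

    if [ -n "$(netstat -ano 2>/dev/null | listeners 443)" ]
    then echo "OK   local listener on 443/tcp"
    else echo "FAIL no local listener on 443/tcp"; rc=1; fi

    # </dev/null ends the session after the handshake; a refused or timed-out
    # connection gives a non-zero exit status.
    if timeout 10 openssl s_client -connect "$am_ip:7022" </dev/null >/dev/null 2>&1
    then echo "OK   TLS connection to $am_ip:7022"
    else echo "FAIL cannot reach $am_ip:7022"; rc=1; fi
    return "$rc"
}

# Runs only when both arguments are supplied, e.g. ./precheck.sh <AM FQDN> <AM IP>
if [ "$#" -eq 2 ]; then main "$@"; fi
```

For the listener check on the Authentication Manager instance itself, pipe that host's netstat -ano output through listeners 7022.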
Resolution
RSA Customer Support will ask an administrator to collect the following data for review and to provide the fully qualified hostnames of the web tier and Authentication Manager instances in the deployment, as this information is required when reviewing the requested data.
In the paths below, [WTHOME] is the folder where the administrator installed the Authentication Manager web tier software. By default this folder is /opt/RSASecurity/RSAAuthenticationManagerWebtier.
- All the files found in the [WTHOME]/appserver/logs folder.
- The imsTrace.log file found in the [WTHOME]/webtierBootstrapper/n.n.n.n.n/logs folder (where n.n.n.n.n represents the latest patch version; for example, 8.1.1.4.0 represents Authentication Manager 8.1 Service Pack 1 patch 4).
- All the *.log files from the [WTHOME]/server/logs folder.
- All the *.log files from the [WTHOME]/server/servers/AdminServer/logs folder.
- All the *.log files from the [WTHOME]/server/servers/AdminServer/data/ldap/log folder.
Administrators can use a secure FTP client to copy the requested data from the SecurID Appliance. It is recommended to create an encrypted, password-protected zip file that can be securely provided to RSA Customer Support.
IMPORTANT: RSA Customer Support will require the password used to protect the zip file, provided either verbally or in a separate email (where an email was used to send the zip file). Alternatively, the zip file can be uploaded to the RSA secure site, following the RSA knowledge article How to upload files onto RSA Secure FTP (SFTP) site for review by Customer Support, with the password placed in the comments field.