Article Number
000032631
Applies To
RSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.x
Issue
Adding a new RADIUS client to RSA Authentication Manager 8.x generates the following error:
Unexpected error during command com.rsa.authmgr.admin.radius.AddRadiusClientCommand execution
Exception thrown in the /opt/rsa/am/server/logs/imsTrace.log:
2016-02-15 05:42:31,776, [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'], (CommandServerEngine.java:897), trace.com.rsa.command.CommandServerEngine, DEBUG, USEMC-SECRSA001.NA.XOM.COM,,,,Command : class com.rsa.authmgr.admin.radius.AddRadiusClientCommand
Execution Exception: java.lang.NullPointerException
java.lang.NullPointerException
at com.rsa.authmgr.internal.admin.radius.impl.RadiusClientAdministrationImpl.createRadiusClient(RadiusClientAdministrationImpl.java:323)
at com.rsa.authmgr.admin.radius.AddRadiusClientCommand$Executive.execute(AddRadiusClientCommand.java:304)
at com.rsa.authmgr.admin.radius.AddRadiusClientCommand.performExecute(AddRadiusClientCommand.java:160)
at com.rsa.command.LocalTarget.executeCommand(LocalTarget.java:119)
at com.rsa.ims.command.LocalTransactionalCommandTarget.access$0(LocalTransactionalCommandTarget.java:1)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:268)
at com.rsa.ims.command.LocalTransactionalCommandTarget$2.doInTransaction(LocalTransactionalCommandTarget.java:1)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
at com.rsa.ims.command.LocalTransactionalCommandTarget.executeCommand(LocalTransactionalCommandTarget.java:260)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:933)
at com.rsa.command.CommandServerEngine$CommandExecutor.run(CommandServerEngine.java:1)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:113)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:439)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:445)
at com.rsa.command.CommandServerEngine.executeCommand(CommandServerEngine.java:373)
at com.rsa.command.CommandServerBean.executeCommand(CommandServerBean.java:89)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:32)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl.executeCommand(Unknown Source)
at com.rsa.command.CommandServerEjb30_vraifm_CommandServerEjb30Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:693)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:518)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:514)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Taken from the /opt/rsa/am/server/logs/imsTrace.log:
2016-02-15 05:43:36,462, [[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'], (RadiusReplicationTimerHandlerImpl.java:274),
trace.com.rsa.authmgr.internal.admin.radius.timer.impl.RadiusReplicationTimerHandlerImpl,
DEBUG, AM81R2.COMPANY.COM,
,
,
,Crafting Critical notification message for :[RadiusReplicationHealthStatus: replicaServerNameam81r2.company.com
,errorDetected: true
,errorStatus: Replica: out-of-date
,decoratedStatus: RadiusReplicationStatus_OUT_OF_DATE]
The following error is seen when removing a replica instance from the Operations Console that was not attached to the RSA Authentication Manager deployment:
Error: com.rsa.common.InvalidArgumentException: IP Address is required to perform this operation
Cause
A replica instance name is present in the configuration, but is not attached to the primary RSA Authentication Manager server.
Resolution
The replica instance name needs to be removed from the RSA Authentication Manager configuration.
Before continuing, back up the database. These steps change data in the database, and the backup provides a restore point if one is needed. From the Operations Console select Maintenance > Backup and Restore > Backup Now and click Backup. Optionally, you can change the Backup Name, enter a Password, and set the backup location.
Follow these steps to manually remove the replica instance.
- Enable Secure Shell on the Appliance.
- Log On to the Appliance Operating System with SSH.
Note that during Quick Setup another user name may have been selected. Use that user name to log in.
- Navigate to /opt/rsa/am/utils.
- Retrieve the password for the rsa_dba user using the command below. Note that this password is unique for each deployment of RSA Authentication Manager:
rsaadmin@am82p:~> cd /opt/rsa/am/utils
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password -u <Operations Console administrator name> -p <Operations Console administrator password>
com.rsa.db.dba.password: ckg2DBtNZLy80TADWcGqdF0NOJygAQ
- Create a text file in /opt/rsa/am/utils with an appropriate name. For example, replica_id.sql.
- Copy the SELECT statement below into the text file and save the change:
SELECT instance_id FROM rsa_rep.ims_instance_node WHERE host = '<replica_FQDN>';
- Obtain the instance id for the replica fully-qualified hostname (FQDN) with this command:
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t -f replica_id.sql -o replica_id.txt
Password for user rsa_dba: <enter database password from step 4>
psql.bin (9.4.1)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off)
Type "help" for help.
db=#
- View the replica_id.txt. Expect something like c6228df7030a13ac08022fbb70b982ea in replica_id.txt.
- Create a text file in /opt/rsa/am/utils with an appropriate name. For example, ip_change.sql.
- Copy the UPDATE statement below into the text file and save the change:
UPDATE rsa_rep.am_host SET primary_ip = '1.1.1.1' WHERE server_instance_id='<instance_id>';
- Update the IP address of the replica instance fully-qualified hostname (FQDN) with the command:
/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t -f ip_change.sql -o ipchangelog.txt
The ipchangelog.txt will contain the text UPDATE 1.
- Use the Operations Console to remove the replica instance fully-qualified hostname (FQDN) from the deployment.
- Navigate to Deployment Configuration > Instance > Status Report.
- Click on the Replica Instance Name and enter super admin credentials.
- Check Yes, delete the replica.
- Click Delete.
- Once the replica instance FQDN has been removed from the Authentication Manager deployment, an administrator can add a RADIUS client in the Security Console by selecting RADIUS > RADIUS Clients > Add New.
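The steps above copy the value in replica_id.txt by hand into ip_change.sql. The following shell function is an added example, not RSA-supplied code: it refuses to build the UPDATE statement unless replica_id.txt holds exactly one well-formed instance id. The function name build_ip_change_sql is hypothetical, and the 32-character lowercase hex format is an assumption taken from the sample id shown in the steps.

```shell
#!/bin/sh
# Added example (not RSA-supplied). Validates the psql output of the
# instance-id query before it is used to build ip_change.sql.

# build_ip_change_sql ID_FILE
# Prints the UPDATE statement on stdout. Returns non-zero and prints nothing
# on stdout if ID_FILE does not hold exactly one well-formed instance id.
build_ip_change_sql() {
    id_file=$1
    [ -r "$id_file" ] || { echo "cannot read $id_file" >&2; return 1; }

    # Trim surrounding whitespace and drop blank lines left by psql.
    ids=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$id_file")

    # Zero rows: the FQDN in replica_id.sql matched nothing.
    [ -n "$ids" ] || { echo "no instance_id returned" >&2; return 2; }

    # More than one row: ambiguous, so stop rather than guess.
    count=$(printf '%s\n' "$ids" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo "expected 1 instance_id, got $count" >&2; return 3; }

    # Assumption: ids are 32 lowercase hex characters, as in the sample.
    # Rejecting anything else also keeps quotes out of the SQL text.
    case $ids in
        *[!0123456789abcdef]*)
            echo "unexpected characters in instance_id" >&2; return 4 ;;
    esac
    [ "${#ids}" -eq 32 ] || { echo "unexpected instance_id length" >&2; return 4; }

    printf "UPDATE rsa_rep.am_host SET primary_ip = '1.1.1.1' WHERE server_instance_id='%s';\n" "$ids"
}
```

Run it as `build_ip_change_sql replica_id.txt > ip_change.sql` and continue to the psql step only if the exit status is 0.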