AnsweredAssumed Answered

AFX Won't Start After Upgrade

Question asked by Louise Van Alstyne on Jul 6, 2018
Latest reply on Jul 9, 2018 by Azam Muhamad

I have upgraded my production system to 7.1, but now I can't get AFX to start. I've followed the instructions to re-establish the trust (000029259 - RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) Server fails to start with message:  WARNING!! Timed out waiting for AFX applications to start ) several times but it still will not start. I was able to do it without a problem in my Dev environment, but the production one is failing. The error in the esb.AFX-INIT.log points to there still being a cert issue, but I don't know what I'm missing.

 

I've opened a ticket but the tech assigned is in Australia... Would like to get this resolved by the end of the day.

 

Relevant lines from the log:

2018-07-06 10:33:36.439 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:185 - Error while attempting to execute initialization request!
2018-07-06 10:33:36.440 [ERROR] com.aveksa.afx.server.init.ServerInitializationComponent:79 - Server initialization failed! Please correct the issue and restart AFX.
java.lang.Exception: HTTP response error! Response code=401 ; Reason:
RSA Identity Governance and Lifecycle server was unable to authorize initialization request. This usually indicates that the AFX SSL certificate and/or ID currently configured for this installation do not match with records in the RSA Identity Governance and Lifecycle database. You may encounter this problem in the following scenarios:
*****
1.) The AFX SSL certificate was regenerated using the RSA Identity Governance and Lifecycle application but the AFX installation was not updated with keystore containing the new certificate. In this case, please update the AFX installation with latest keystore available for download from RSA Identity Governance and Lifecycle application.
*****
2.) RSA Identity Governance and Lifecycle certificate store has been changed but neither the RSA Identity Governance and Lifecycle server nor AFX installations have been updated with respective keystore containing new certificate and CA entries. In this case, please update both the RSA Identity Governance and Lifecycle server and AFX installations with latest respective keystore available for download in the RSA Identity Governance and Lifecycle application.
*****
3.) RSA Identity Governance and Lifecycle database was refreshed / restored using a backup that was generated on another environment (e.g., backup of Production system database was restored on the QA system database). In this case, additional steps are required to get the SSL certificate configuration in the database in sync with what's deployed on the RSA Identity Governance and Lifecycle & AFX server machine(s). Please change the RSA Identity Governance and Lifecycle certificate store and then update both the RSA Identity Governance and Lifecycle server and AFX installations with latest respective keystore available for download in the RSA Identity Governance and Lifecycle application.
*****

Outcomes