Search This Blog

Wednesday, March 20

Unable to View Keys on RSA RKM post Migration / Restoration

At a DR site when the RSA Key manager is restored from a backup file taken on V2.7.1.8. We may face a challenge when the Oracle Password mismatches. 

 To check the password. Login as root to the newly built appliance. 

1. Type as below:
 
******************************************************************************************[root@myrkm ~]# su - oracle
-bash-3.00$ sqlplus local

SQL*Plus: Release 10.2.0.5.0 - Production on Wed Mar 20 16:15:36 2013

Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.

Enter password: <Enter Master Password>
 
******************************************************************************************
You should be able to login. Now run the same command on your production RKM appliance. Use the same password. If there is a mismatch, the login to your production unit failes. 

 Collect the correct password from the production appliance and then use the following to reset the password on your DR appliance. 
******************************************************************************************
Login as root to the appliance and run as below commands:

******************************************************************************************
[root@myrkm ~]# su - oracle
-bash-3.00$ sqlplus / as SYSDBA

SQL*Plus: Release 10.2.0.5.0 - Production on Wed Mar 20 16:24:00 2013

Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining Scoring Engine
and Real Application Testing options

SQL> alter user local identified by "<give master password from Production RKM>";

now Exit and then restart tomcat by 

service tomcat restart

******************************************************************************************
Now your password would sync. 


There May be error due to cookie mismatch and you will get error for Token decryption. 
Use the following:

Login as root and compare the cookie_name on the Production and DR appliance. Ensure they are same. 

******************************************************************************************


 grep cookie_name /opt/rsa-axm/agent-47-apache2/webservers/apache_2.0.59/conf/webagent.conf
<change this cookie_name line as below>

cleartrust.agent.cookie_name=CTSESSION


Then restart HTTPD service 

 
 service httpd restart


******************************************************************************************


Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)