Release NotesKnown IssuesEndpoint TypesRSA SecurId 7 › Exploration of an RSA 7.1 Endpoint Fails

Previous Topic: RSA SecurId 7

Next Topic: RSA SSL Considerations
Exploration of an RSA 7.1 Endpoint Fails

Symptom:

When I acquire an RSA 7.1 endpoint and select either a level 1 or level 2 exploration, the exploration fails with error messages similar to the following:

JCS: RSA7: Error searching RADIUS profiles in Incoming message header or abbreviation processing failed nested exception is: java.io.InvalidClassException: com.rsa.authmgr.admin.radius.data.RadiusProfileListDTO; local class incompatible: stream classdesc serialVersionUID = 20091214

Connector Server Search failed: code 54 (LOOP_DETECT-NoSuchMethodError): failed on search operation: eTDYNContainerName=SystemDomain,eTDYNDirectoryName=rsa71_sp4-test,eTNamespaceName=RSA SecurID 7,dc=AUTO,dc=etasa: com.rsa.authmgr.admin.tokenmgt.SearchTokensCommand.setFirstResult(I)V (ldaps://qa852imr12-5a.ca.com:20411)

Solution:

To upgrade a CA Identity Manager r12 CR7 or older environment that manages RSA SecurId 7 DYN Endpoints, you need to update the IMPD installer if the original IMPD installer is older than R12 CR8 after the upgrade.

To update the update IMPD installer

  1. Stop the CA Identity Manager Provisioning Server service.
  2. Start JXplorer and connect to the router DSA of the Provisioning Store. The router DSA runs on the Identity Manager Provisioning server by default. Use the following parameters:
    Host

    IMPS computer

    Port

    20391

    Security Level

    User and Password

    User DN

    eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb

  3. In JXplorer, navigate to the entry: 
    eTConfigParamName=Managed Branches,eTConfigParamFolderName=JCS_<*>_TLS_20411,eTConfigParamFolderName=Connector Servers,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=<im dc name>,dc=etadb
  4. Change eTConfigParamValue=eTNamespaceName=RSA SecurId 7,dc=ADMR12 to eTConfigParamValue=eTNamespaceName=RSA SecurID 7,dc=ADMR12.

    That is, change the lower case d in the string RSA SecurId 7 to an uppercase D. For example, change RSA SecurId 7 to RSA SecurID 7.

  5. In Jxplorer, navigate to the entry: 
    eTNamespaceName=RSA SecurId 7,dc=<im dc name>,dc=etadb
    1. Right click the entry and rename it to the following: 
      eTNamespaceName=RSA SecurIdx 7,dc=<im dc name>,dc=etadb
    2. Right click the entry you renamed in step a again and rename it to the following: 
      eTNamespaceName=RSA SecurID 7,dc=<im dc name>,dc=etadb
  6. Restart the CA Identity Manager Provisioning Server service.