Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Third-Party Licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the folder Third-Party Licenses on the product DVD.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright © 1994-2013 EMC Corporation. All Rights Reserved. Published in the U.S.A.
March 2013
RSA Authentication Manager 8.0 Troubleshooting Guide
Contents
Preface
  About This Guide
  RSA Authentication Manager 8.0 Documentation
  Related Documentation
  Support and Service
  Before You Call Customer Support
Chapter 1: Troubleshooting Common Error Messages
  20063 - AUTHMGR_AGENT_CLEAR_NODESECRET
  20239 - EXPORT_DATA_TO_FILE
  20240 - GENERATE_EXPORT_SECURITY_PACKAGE
  23039 - AUTOREG_CLEAR_NODESECRET
  23005 - AUTH_NODE_VERIFICATION
  23036 - AUTOREG_VERIFY_NODESECRET
  23026 - AUTOREG_VERIFY_NODESECRET
  16044 - ACCESS_DATABASE
  16075 - INITIALIZE_PERMISSIONS
  16112 - REMOVE_ORPHANED_PRINCIPALS
  16329 - READ_ACTIVE_USERS
  26011 - PROCESS_REFERENTIAL_INTEGRITY_MESSAGES
  23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
    Resolve 23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
  23038 - AUTOREG_DHCP_ERROR
    Resolve 23038 - AUTOREG_DHCP_ERROR
  26041 - ADJUDICATOR_CLOCK_SETBACK
    Resolve 26041 - ADJUDICATOR_CLOCK_SETBACK
  16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED
    Resolve 16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED
  20056 - INSUFFICIENT_PRIVILEGE
    Resolve 20056 - INSUFFICIENT_PRIVILEGE
  23002 - AUTH_UNSUPPORTED_PROTOCOL
    Resolve 23002 - AUTH_UNSUPPORTED_PROTOCOL
  23008 - AUTH_PRINCIPAL_RESOLUTION
    Resolve 23008 - AUTH_PRINCIPAL_RESOLUTION
  23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
    Resolve 23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
  23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
    Resolve 23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
  23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID
    Resolve 23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID
  16089 - DENIAL_OF_SERVICE
    Resolve 16089 - DENIAL_OF_SERVICE
  20214 - AM_CONFIGURATION_UPDATE_FAILED
    Resolve 20214 - AM_CONFIGURATION_UPDATE_FAILED
  13003 - AUTHN_LOCKOUT_EVENT
    Resolve 13003 - AUTHN_LOCKOUT_EVENT
  16265 - DETERMINE_RELATED_IDENTITY_SOURCE
    Resolve 16265 - DETERMINE_RELATED_IDENTITY_SOURCE
  16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED
    Resolve 16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED
  16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED
    Resolve 16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED
  23017 - OA_DATA_DOWNLOAD_FAILED
    Resolve 23017 - OA_DATA_DOWNLOAD_FAILED
  23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED
    Resolve 23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED
  16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT
    Resolve 16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT
  16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE
    Resolve 16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE
Chapter 2: RSA Authentication Manager Log Messages
Preface
About This Guide
This guide describes how to troubleshoot RSA® Authentication Manager 8.0 for commonly occurring error messages. These error messages are displayed in the SNMP traps or in the logs. Refer to this guide for basic troubleshooting steps before calling Customer Support. This guide also lists all the Authentication Manager 8.0 trap messages. This guide is intended for administrators and other trusted personnel.
RSA Authentication Manager 8.0 Documentation
For information about RSA Authentication Manager 8.0, see the following documentation. RSA recommends that you store the product documentation in a location on your network that is accessible to administrators.
Release Notes. Describes what is new and changed in this release, as well as workarounds for known issues.
Getting Started. Describes how to perform the Authentication Manager Quick Setup process.
Planning Guide. Describes the high-level architecture of Authentication Manager and how it integrates with your network.
Setup and Configuration Guide. Describes how to set up and configure Authentication Manager.
Administrator’s Guide. Provides an overview of Authentication Manager and its features. Describes how to configure the system and perform a wide range of administration tasks, including managing users and security policies.
Help Desk Administrator’s Guide. Provides instructions for the most common tasks that a Help Desk Administrator performs on a day-to-day basis.
SNMP Reference Guide. Describes how to configure Simple Network Management Protocol (SNMP) to monitor an instance of Authentication Manager.
Troubleshooting Guide. Describes the most common error messages in RSA Authentication Manager and provides the appropriate actions to troubleshoot each event.
Developer’s Guide. Provides information about developing custom programs using the RSA Authentication Manager application programming interfaces (APIs). Includes an overview of the APIs and Javadoc for Java APIs.
Performance and Scalability Guide. Describes what to consider when tuning your deployment for optimal performance.
6.1 to 8.0 Migration Guide. Describes how to migrate from an RSA Authentication Manager 6.1 deployment to an RSA Authentication Manager 8.0 deployment.
7.1 to 8.0 Migration Guide. Describes how to migrate from an RSA Authentication Manager 7.1 deployment to an RSA Authentication Manager 8.0 deployment.
Security Console Help. Describes day-to-day administration tasks performed in the Security Console.
Operations Console Help. Describes configuration and setup tasks performed in the Operations Console.
Self-Service Console Help. Describes how to use the Self-Service Console. To view the Help, on the Help tab in the Self-Service Console, click Self-Service Console Help.
RSA Token Management Snap-In Help. Describes how to use software that works with the Microsoft Management Console (MMC) for deployments that have an Active Directory identity source. Using this snap-in, you can enable or disable a token, assign a token, or perform other token-related tasks without logging on to the Security Console.
Related Documentation
RADIUS Reference Guide. Describes the usage and settings for the initialization files, dictionary files, and configuration files used by RSA RADIUS.
Security Configuration Guide. Describes the security configuration settings available in Authentication Manager. It also describes secure deployment and usage settings, secure maintenance, and physical security controls.
Support and Service
RSA SecurCare Online offers a knowledgebase that contains answers to common questions and solutions to known problems. It also offers information on new releases, important technical news, and software downloads.
The RSA Solution Gallery provides information about third-party hardware and software products that have been certified to work with RSA products. The gallery includes Secured by RSA Implementation Guides with step-by-step instructions and other information about interoperation of RSA products with these third-party products.
RSA SecurCare Online https://knowledge.rsasecurity.com
Customer Support Information www.emc.com/support/rsa/index.htm
RSA Solution Gallery https://gallery.emc.com/community/marketplace/rsa?view=overview
Before You Call Customer Support
Please have the following information available when you call:
• Access to the RSA Authentication Manager appliance.
• Your license serial number. To locate the license serial number, do one of the following:
  • Look at the order confirmation e-mail that you received when you ordered the product. This e-mail contains the license serial number.
  • Log on to the Security Console, and click License Status. Click View Installed License.
• The Authentication Manager appliance software version information. You can find this information in the top, right corner of the Quick Setup, or in the Security Console. Log on to the Security Console, and click Software Version Information.
1 Troubleshooting Common Error Messages
This chapter lists messages that occur for common problems, along with their possible causes and corresponding resolutions. These messages are for administrative, system, and authentication events. Each error message includes:
• Action ID. A unique number.
• Action Key. A unique title.
• Message. Text that describes the issue.
• Description. Additional information about the message.
20063 - AUTHMGR_AGENT_CLEAR_NODESECRET
Message: Administrator “{0}” attempted to clear node secret for agent “{4}” managed in security domain “{5}”
Description: Clear Agent Node Secret
Problem: The node secret has been cleared. No troubleshooting is required.
20239 - EXPORT_DATA_TO_FILE
Message: Administrator “{0}” attempted to export data to the file “{11}”.
Description: Export Data to file
Problem: The administrator attempted to export user and token data to a file. No troubleshooting is required.
20240 - GENERATE_EXPORT_SECURITY_PACKAGE
Message: Administrator “{0}” attempted to generate and download export security package.
Description: Generate Export Security Package
Problem: The administrator attempted to generate and download the export security package. No troubleshooting is required.
23039 - AUTOREG_CLEAR_NODESECRET
Message: Cleared node secret for the agent “{3}” in Security Domain “{5}”
Description: Agent node secret has been cleared
Problem: The administrator has manually cleared, generated, and reloaded the node secret. No troubleshooting is required.
23005 - AUTH_NODE_VERIFICATION
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in security domain “{5}”
Description: Node secret verification
Problem: There is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and agent. See the Security Console Help topic “Manage the Node Secret.”
23036 - AUTOREG_VERIFY_NODESECRET
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in Security Domain “{5}”
Description: Agent node secret verification
Problem: There is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and agent. See the Security Console Help topic “Manage the Node Secret.”
23026 - AUTOREG_VERIFY_NODESECRET
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in Security Domain “{5}”
Description: Agent node secret verification
Problem: This message indicates that there is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and agent. See the Security Console Help topic “Manage the Node Secret.”
16044 - ACCESS_DATABASE
Message: Database access attempted by system
Description: Database access
Problem: An unexpected error occurred when a database access was attempted using utilities that are different from those used by the Operations Console or Security Console.
Resolution: Verify if the database is operating correctly and if sufficient storage space is available.
16075 - INITIALIZE_PERMISSIONS
Message: System attempted to load permission types from the database
Description: Initialize permissions
Problem: An unexpected error has occurred when loading administrative role permissions from the database.
Resolution: Verify if the database is operating correctly and if sufficient storage space is available.
16112 - REMOVE_ORPHANED_PRINCIPALS
Message: Administrator “{0}” attempted to clean up unresolvable users
Description: Clean up unresolvable users
Problem: Authentication Manager cannot connect to the LDAP directory server.
Resolution: Confirm that the LDAP directory server(s) identified in the identity source connection information are running and can be connected from the server.
16329 - READ_ACTIVE_USERS
Message: System failed to read the licensed number of active users from the system configuration
Description: Unable to read active users from the system configuration
Problem: Authentication Manager licensing is incorrect.
Resolution: Confirm that Authentication Manager has a valid license file. In the Security Console Help, see the topic “Check License Status.”
26011 - PROCESS_REFERENTIAL_INTEGRITY_MESSAGES
Message: Administrator “{0}” attempted to process referential integrity message
Description: Process Referential Integrity Message
Problem: An error occurred while promoting a replica instance to a primary instance.
Resolution: Confirm that the replica promotion has completed successfully. Do not start the servers before this process is complete. In the Operations Console Help, see the topic “Promote a Replica Instance.”
23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
Message: Bad tokencode ; but good PIN detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted.
Problem: The user could not successfully authenticate. It is possible that the user has forgotten the PIN, or is using the wrong token.
Resolve 23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
Procedure
1. Verify that the user is using the correct token as assigned. Ask the user for the serial number on the back of the token, and verify it against the token serial number that you see in the Security Console. If the token serial numbers do not match, ask the user to use the assigned token only.
2. Resynchronize the token assigned to the user. See the Security Console Help topic “Resynchronize a Token.”
3. Open the Activity Monitor. Ask the user to authenticate using the PIN after resynchronization, and monitor the log entry in real time. See the Security Console Help topic, “View Messages in the Activity Monitor.”
23038 - AUTOREG_DHCP_ERROR
Message: While registering an agent “{3}” ; found another agent “{8}” with the same alias IP address “{4}”. Could not un-assign IP from “{8}”
Description: While registering an agent found another agent with the same alias IP address.
Problem: During agent registration, another agent was found to have the same alias IP address.
Resolve 23038 - AUTOREG_DHCP_ERROR
This message is related to auto-registration and DHCP.
Procedure
1. Enable auto-registration. For instructions, see the Security Console Help topic, “Allow an Agent to Auto-Register.”
2. Download the server certificate. For instructions, see the Security Console Help topic, “Download an RSA Authentication Manager Server Certificate.”
3. When setting Agent Auto-Registration settings, change the default Agent IP Update option to not automatically update the IP addresses of authentication agents. For more information, see the Security Console Help topic “Configure Agent Settings.”
4. Check your firewall rules and ensure that the following ports are open to enable communication between the agent and Authentication Manager instance.
   Port       Function
   5500/UDP   Used for communication between Authentication Manager and authentication agents.
   5580/TCP   Authentication agents connect to this port to perform offline data downloads.
   5550/TCP   Used by the authentication agent auto-registration utility. This port must be open.
   139/TCP    Used by authentication agents to verify whether the user is a member of a challenge group in Microsoft Active Directory.
5. Clear the node secret files on the agent. For instructions, see the authentication agent documentation.
6. Re-install the authentication agent. Choose custom installation, and select auto-registration during the install process. See your agent documentation for instructions.
26041 - ADJUDICATOR_CLOCK_SETBACK
Message: Detected clock setback ; current:“{3}” expected:“{4}”
Description: Clock Setback Detected
Problem: If the time difference is less than plus or minus one minute, the Authentication Manager system clock may not be synchronized with the Network Time Protocol (NTP) Server. If the time difference is more than plus or minus one minute, contact RSA Customer Support.
Resolve 26041 - ADJUDICATOR_CLOCK_SETBACK
Procedure
1. Verify that the NTP server is correct and stable.
2. Make sure the Authentication Manager server is synchronized with the NTP server. For instructions on how to specify the date and time settings, see the Operations Console Help topic, “Update System Date and Time Settings.”
Do not set the system clock of the Authentication Manager server back in time. This is a potential security issue as it can cause expired tokencodes to be used.
16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED
Message: System cannot initialize related identity sources for identity source “{3}”
Description: System cannot initialize related identity source cache.
Problem: Authentication Manager cannot connect to the identity source. This error can occur under the following circumstances:
• The firewall is configured incorrectly.
• LDAP credentials are invalid or expired.
• A certificate has expired.
• LDAP filters are configured incorrectly or altered.
• Network issues exist.
Resolve 16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED
Verify the LDAP connection. For LDAP-related information, see the Operations Console Help topics, “Add an Identity Source” and “Identity Source SSL Certificates.” To troubleshoot network issues, see the Operations Console Help topic, “Verify an IP Address or Hostname.”
20056 - INSUFFICIENT_PRIVILEGE
Message: Administrator “{0}” attempted an action having insufficient privileges.
Description: Insufficient Privilege
Problem: The administrator has insufficient privileges to perform the attempted action.
Resolve 20056 - INSUFFICIENT_PRIVILEGE
Procedure
1. Verify that the administrator is assigned the correct security domain scope and permissions. For instructions, see the Security Console Help topic “View All Administrative Roles Assigned to an Administrator.”
2. If the administrator needs more permissions, either edit the administrative role and add the appropriate permissions or assign a different role. See the Security Console Help Topic, “Administrative Role Overview” for more information.
23002 - AUTH_UNSUPPORTED_PROTOCOL
Message: Received unsupported request from agent “{3}” with IP address “{4}” in security domain “{5}”. Request type: “{18}”
Description: Received unsupported request.
Problem: The device is unsupported because there is no server interface to handle this type of network packet.
Resolve 23002 - AUTH_UNSUPPORTED_PROTOCOL
Procedure
1. Verify that the agent host uses a legacy authentication method from agents older than version 5.x. Authentication Manager 8.0 only accepts agents from releases 5.x and higher.
2. Contact the manufacturer of the user’s authentication device to find out if the device is eligible to upgrade to a 5.x or higher API.
3. If the device is enabled for RADIUS, verify that the current version is compatible with the new RADIUS Access-Challenge, including New PIN Mode and Next Tokencode Mode.
23008 - AUTH_PRINCIPAL_RESOLUTION
Message: Attempting to resolve user by userid or alias “{0}”. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}”
Description: Resolve principal by userid/alias
Problem: Authentication Manager cannot identify the user through the User ID or alias. It is possible that multiple users have the same alias. When an administrator associates an agent and a group, all of the user’s aliases associated with the group are now searched. This error can occur under the following circumstances:
• An agent is associated with many groups and two people in different groups have the same alias.
• An administrator recently associated an agent with a group.
Resolve 23008 - AUTH_PRINCIPAL_RESOLUTION
Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find the user.
3. Click Authentication Settings and view the user alias.
4. Change the user’s alias to be unique.
23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
Message: Bad PIN ; but good tokencode detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted
Problem: The user who is assigned the token may no longer possess it because the passcodes are being guessed.
Resolve 23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
Confirm if the user possesses the assigned token.
Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find the user.
3. Select the user whose token you need to verify.
4. Under Assigned SecurID Tokens, view the token serial number.
5. Ask the user for the serial number on the back of the token, and verify if it matches the serial number on the Security Console.
23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
Message: Bad PIN ; but previous tokencode detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted
Problem: This error occurred due to any of the following circumstances:
• The user forgot his or her PIN or is using a PIN that is correct for a different token.
• Replication has failed, and the user’s PIN is not updated in the replica instance.
• An unauthorized person possesses the token and is guessing PINs.
Resolve 23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
Procedure
1. Check the replication status. See the Operations Console Help topic, “Check Replication Status.”
2. If the replication status does not display an error, confirm that the serial number on the back of the token matches the token assigned to the user in the User Dashboard. If the serial numbers match, clear the PIN.
   a. In the Security Console, go to the Home page.
   b. Use Quick Search to find the user.
   c. Select the user whose token you need to verify.
   d. Under Assigned SecurID Tokens, view the token serial number.
   e. If the serial number matches, you need to clear the PIN.
   f. Under Assigned SecurID Tokens, select the token with the PIN that needs to be cleared.
   g. Click Clear PIN.
3. Require the user to change the PIN. For instructions, see the Security Console Help topic “Require Users to Change Their RSA SecurID PINs.”
4. Open the Authentication Activity Monitor and instruct the user to authenticate. You can see whether the user has authenticated.
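The three authentication-failure events above (23071, 23072 and 23073) can be triaged together from exported log data, with tokens that show a burst of bad-PIN events handled first because the guide names PIN guessing as one possible cause. The following Python is an added example, not RSA code: the pipe-delimited line format, the sample lines, the function names and the 3-events-in-10-minutes threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# First resolution step per Action ID, summarized from the procedures in this guide.
TRIAGE = {
    "23071": "Verify the token serial number with the user, then resynchronize the token.",
    "23072": "Confirm that the user still possesses the assigned token.",
    "23073": "Check replication status; if clean, verify the serial number and clear the PIN.",
}
# Events where a current or previous tokencode was presented with a wrong PIN.
BAD_PIN_IDS = {"23072", "23073"}

# Assumed thresholds for flagging possible PIN guessing (not from the guide).
GUESS_THRESHOLD = 3
GUESS_WINDOW = timedelta(minutes=10)

# Constructed sample lines in an assumed export format:
# timestamp|action_id|action_key|user|token_serial|agent
SAMPLE_LOG = """\
2013-03-04T09:00:05|23071|AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN|asmith|000111222333|vpn01
2013-03-04T09:01:10|23072|AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE|bjones|000444555666|vpn01
2013-03-04T09:02:40|23072|AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE|bjones|000444555666|vpn01
2013-03-04T09:03:15|23073|AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE|bjones|000444555666|vpn01
2013-03-04T09:30:00|23072|AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE|clee|000777888999|web02
2013-03-04T11:45:00|23072|AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE|clee|000777888999|web02
this line is malformed and is skipped
"""


def parse_events(text):
    """Parse log lines, keeping only well-formed 23071/23072/23073 events."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 6 or parts[1] not in TRIAGE:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append({"time": when, "id": parts[1], "user": parts[3],
                       "serial": parts[4], "agent": parts[5]})
    return events


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any one sliding window."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(events):
    """Group events per user and token; flagged tokens sort to the top."""
    by_token = defaultdict(list)
    for ev in events:
        by_token[(ev["user"], ev["serial"])].append(ev)
    findings = []
    for (user, serial), evs in by_token.items():
        bad_pin_times = [e["time"] for e in evs if e["id"] in BAD_PIN_IDS]
        burst = max_in_window(bad_pin_times, GUESS_WINDOW)
        ids = sorted({e["id"] for e in evs})
        findings.append({
            "user": user,
            "serial": serial,
            "action_ids": ids,
            "possible_pin_guessing": burst >= GUESS_THRESHOLD,
            "steps": [TRIAGE[i] for i in ids],
        })
    findings.sort(key=lambda f: (not f["possible_pin_guessing"], f["user"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_LOG)):
        flag = "REVIEW FIRST" if f["possible_pin_guessing"] else "routine"
        print(f["user"], f["serial"], ",".join(f["action_ids"]), flag)
        for step in f["steps"]:
            print("   -", step)
```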
23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID
Message: Received a SecurID credential ; which the agent is configured to not accept. Agent “{3}” with IP address “{4}” in security domain “{5}”
Description: SecurID credential type not accepted
Problem: An agent attempted to submit a SecurID passcode. The agent is configured to handle users who are enrolled in risk-based authentication (RBA), but it is not configured to authenticate a SecurID passcode.
Resolve 23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID
Ensure that the agent is configured correctly.
Procedure
1. In the Security Console, click Setup > System Settings.
2. Under Authentication Settings, click Agents.
3. Verify that the authentication settings are correct.
• If the agent is to be used for SecurID authentications, configure the agent to be used for a normal passcode.
• If the agent is to be used for RBA, configure the agent to redirect to the RBA server.
16089 - DENIAL_OF_SERVICE
Message: Denial-of-service attack detected. Server received “{4}” failed authentications from user “{3}”
Description: Denial-of-service attack detected
Problem: Authentication Manager has detected a series of unsuccessful authentication attempts from a remote administrative SDK application, suggesting that an unauthorized individual is attempting to authenticate. The SDK application might not have the correct WebLogic command client username and password, which would cause authentication attempts to fail.
Resolve 16089 - DENIAL_OF_SERVICE
Verify that any remote administrative SDK applications have the correct WebLogic command client username and password.
20214 - AM_CONFIGURATION_UPDATE_FAILED
Message: Administrator “{0}” failed to update AM configuration
Description: Failed to update AM configuration
Problem: An attempt to modify Authentication Manager configuration data has failed. Either the administrator performing the update does not have permission or the configuration value has been removed or deprecated.
This error can also occur when an application using UpdateAMConfigurationCommand to update configuration data lacks sufficient permission.
Resolve 20214 - AM_CONFIGURATION_UPDATE_FAILED
Verify that the administrator has permission to modify the configuration data.
Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find and select the administrator.
3. From the context menu next to the administrator’s username, select Administrative Roles.
4. Verify that the assigned administrative roles provide sufficient privileges to modify the configuration data.
5. (Optional) To assign additional administrative roles to this administrator, do the following:
   a. Click Assign Role.
   b. Select the role you want to assign to the administrator.
   c. Click Assign Role.
13003 - AUTHN_LOCKOUT_EVENT
Message: Users “{0}” from security domain “{1}” in identity source “{2}” is locked out
Description: Principal lockout
Problem: Authentication Manager has locked a user out of the system.
Resolve 13003 - AUTHN_LOCKOUT_EVENT
Procedure
1. In the Security Console, use the Quick Search field to find the user.
2. In the User Dashboard, view the user’s lockout status.
3. Unlock the user’s account.
See the Security Console Help topic “Locked User Accounts” for more information.
16265 - DETERMINE_RELATED_IDENTITY_SOURCE
Message: System cannot determine whether identity source “{3}” and identity source “{4}” are connecting to the same directory server.
Description: Attempting to determine whether the given identity sources connect to the same directory server.
Problem: A connectivity problem exists between the identity source and the LDAP directory server. This problem can occur for any of the following reasons:
• Incorrectly configured firewall
• Invalid or expired LDAP credentials
• Certificate expiration
• Incorrectly configured or altered LDAP filters
• Network issues
Resolve 16265 - DETERMINE_RELATED_IDENTITY_SOURCE
Verify the LDAP connection. For LDAP-related information, see the Operations Console Help topics, “Add an Identity Source” and “Identity Source SSL Certificates.” To troubleshoot network issues, see the Operations Console Help topic, “Verify an IP Address or Hostname.”
16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED
Message: Cannot process requests that need access to identity source “{3}”. The identity source is currently unreachable.
Description: Failed to connect to identity source.
Problem: Authentication Manager cannot connect to the identity source. This problem can occur for any of the following reasons:
• Incorrectly configured firewall
• Invalid or expired LDAP credentials
• Certificate expiration
• Incorrectly configured or altered LDAP filters
• Network issues
Resolve 16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED
Verify the LDAP connection. For LDAP-related information, see the Operations Console Help topics, “Add an Identity Source” and “Identity Source SSL Certificates.” To troubleshoot network issues, see the Operations Console Help topic, “Verify an IP Address or Hostname.”
16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED
Message: The user’s distinguished name has changed. Either the primary could not update the user or the primary cannot be contacted. Authentication requests from “{3}” to this instance will not be successful until primary updates the user.
Description: System cannot process this authentication request
Problem: A connectivity problem exists between the primary and replica instances.
Resolve 16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED
Procedure
1. Check the replication status between the primary and replica instance. For information, see the Operations Console Help topic, “Check Replication Status.”
2. Verify if you can reach the primary or replica instance by running network tools and confirming if the replication port 7002/TCP is open. To run network tools, see the Operations Console Help topic, “Verify an IP Address or Hostname.”
3. Determine if disaster recovery procedures are appropriate. For information, see the Operations Console Help topic, “Disaster Recovery Situations.”
23017 - OA_DATA_DOWNLOAD_FAILED
Message: Offline authentication data download requested by user “{0}” from agent “{3}” using token “{8}” failed with error message “{9}”
Description: Offline Authentication Data Download Failed
Problem: A user’s attempt to download offline authentication data failed. This message can occur when the offline authentication policy settings for the user do not match the settings for the agent. This can also occur if port 5580/tcp is inaccessible.
Resolve 23017 - OA_DATA_DOWNLOAD_FAILED
Procedure
1. Verify if port 5580/tcp is accessible. For instructions, see the Operations Console Help topic, “Verify an IP Address or Hostname.”
2. Identify the security domains to which the user and agent belong.
3. If the security domains are different, verify that the offline authentication policies applied to each security domain do not conflict.
4. Modify the offline authentication policies to resolve any conflicts. See “Configuring Authentication Policies” in the Administrator’s Guide for more information.
23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED
Message: Next tokencode mode activated for token serial number “{16}” assigned to user “{0}” in security domains “{1}” from “{2}” identity source.
Description: Next tokencode mode activated for token
Problem: A user has failed to authenticate with a specific token more times than the token policy allows. In next tokencode mode, the user has one chance to enter the tokencode correctly before the account is locked.
Resolve 23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED
This message occurs when a token has failed to authenticate a specific number of times. You can configure the number of authentication failures allowed before next tokencode mode is activated in the Security Console. See “Token Policy” in the Administrator’s Guide for more information.
If this error occurs multiple times, check the accuracy of the Authentication Manager system clock. Clock drift may have occurred between the Authentication Manager Server and the token clock. See “Accurate System Date and Time Settings” in the Setup and Configuration Guide for more information.
Note: Incorrectly or unnecessarily changing the system time may cause a total authentication outage. If you are not confident of the cause of the problem, contact RSA Customer Support. Do not attempt to correct clock drift if it is more than plus or minus one minute.
16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT
Message: Cleanup of unresolvable users was not possible. Found {3} users ; which exceeded the automated cleanup limit of {4} users.
Description: Clean up unresolvable users and groups
Problem: The Cleanup Limit canceled an automated cleanup job because more than the specified number of unresolvable users were found in the database.
Resolve 16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT
Verify if any recent changes have been applied to the identity source, such as using a filter. Such a change may result in a large difference in the number of users located in the identity source. See “User Data in an LDAP Directory” in the Administrator’s Guide, for more information on how changes made to user data in an LDAP directory can affect user authentication and administration.
16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE
Message: User cannot be found across identity sources. User “{3}” will not be allowed to authenticate for the next 60 minutes..
Description: System cannot process this authentication request
Problem: The user who attempted to authenticate cannot be found in any identity source.
Resolve 16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE
Verify if you have made any recent change to the identity source, such as using a filter. Such a change may result in a large difference in the number of users located in the identity source.
2 RSA Authentication Manager Log Messages
This chapter lists all Authentication Manager log messages based on the event category and action ID. It also lists the corresponding action key, description, and log message. The log message has placeholders in the “{number}” format, which represents actual data in the logs and Activity Monitor. Use this chapter to understand simple network management protocol (SNMP) trap information captured by a network management system. For more information on the information displayed by the object identifier structure (OID) in the SNMP trap, see the RSA Authentication Manager 8.0 SNMP Reference Guide.
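As an added example (not code from RSA or from this guide), the following Python sketch fills the “{number}” placeholders of a few templates taken from this guide and, in reverse, turns each template into a pattern that recovers the fields from a rendered message so that selected administrative actions can be picked out of a log. It assumes the log carries the message text exactly as the template with values substituted; the function names, the sample values and the choice of watched actions are constructed for illustration.

```python
import re

# Message templates copied from this guide: action ID -> (action key, message).
TEMPLATES = {
    10024: ("LINK_PRINCIPAL_ADMIN_ROLE",
            "Administrator “{0}” attempted to associate principal “{8}” ; stored in "
            "identity source “{10}” and managed in security domain “{9}”"),
    10051: ("CREATE_PRINCIPAL",
            "Administrator “{0}” attempted to create principal “{4}” ; to be stored in "
            "identity source “{6}” and managed in security domain “{5}”"),
    10244: ("RESET_SYSTEMFIELDS_USER_PASSWORD",
            "Super Administrator “{0}” attempted to reset system user “{4}” password."),
    16262: ("BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT",
            "Cleanup of unresolvable users was not possible. Found {3} users ; which "
            "exceeded the automated cleanup limit of {4} users."),
}

PLACEHOLDER = re.compile(r"\{(\d+)\}")


def render(template, args):
    """Fill {n} placeholders from a dict keyed by index; unknown indexes stay as-is."""
    return PLACEHOLDER.sub(
        lambda m: str(args.get(int(m.group(1)), m.group(0))), template)


def template_to_regex(template):
    """Build a pattern with one named group (p0, p4, ...) per placeholder index."""
    parts, seen, pos = [], set(), 0
    for m in PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = "p" + m.group(1)
        if name in seen:
            # The same index used twice must carry the same value.
            parts.append("(?P=%s)" % name)
        elif template[m.end():m.end() + 1] == "”":
            # Quoted value: refuse a closing quote inside it, so a value that
            # embeds template text cannot shift the field boundaries.
            parts.append("(?P<%s>[^”]*)" % name)
        else:
            parts.append("(?P<%s>.+?)" % name)
        seen.add(name)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


COMPILED = {aid: (key, template_to_regex(text))
            for aid, (key, text) in TEMPLATES.items()}


def parse(message):
    """Return (action_id, action_key, {index: value}), or None if nothing matches."""
    for aid, (key, rx) in COMPILED.items():
        m = rx.fullmatch(message)
        if m:
            return aid, key, {int(n[1:]): v for n, v in m.groupdict().items()}
    return None


# Assumption: which actions to watch is a choice made for this example.
# Value = placeholder index of the account the action was applied to.
WATCHED = {10024: 8, 10244: 4}


def privileged_changes(messages):
    """List (action key, acting administrator, affected account) for watched actions."""
    hits = []
    for msg in messages:
        parsed = parse(msg)
        if parsed and parsed[0] in WATCHED:
            aid, key, fields = parsed
            hits.append((key, fields[0], fields[WATCHED[aid]]))
    return hits


# Constructed sample messages (not taken from a real system).
SAMPLE_MESSAGES = [
    render(TEMPLATES[10051][1], {0: "jdoe", 4: "asmith", 6: "Internal Database",
                                 5: "SystemDomain"}),
    render(TEMPLATES[10024][1], {0: "jdoe", 8: "asmith", 10: "Internal Database",
                                 9: "SystemDomain"}),
    render(TEMPLATES[10244][1], {0: "root-admin", 4: "oc-admin"}),
    "free text that matches no template",
]

if __name__ == "__main__":
    for hit in privileged_changes(SAMPLE_MESSAGES):
        print(hit)
```

A message whose quoted value itself contains a closing quote matches no pattern and comes back as None, so it can be routed to manual review instead of being split into the wrong fields.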
Event Category Action ID Action Key Description Message
eventAdmin 10001 CREATE_REALM Create realm Administrator “{0}” attempted to create realm “{4}”
eventAdmin 10002 DELETE_REALM Delete realm Administrator “{0}” attempted to delete realm “{4}”
eventAdmin 10003 UPDATE_REALM Update realm Administrator “{0}” attempted to update realm “{4}”
eventAdmin 10004 READ_REALM Read realm Administrator “{0}” attempted to read realm “{4}”
eventAdmin 10005 CREATE_SECURITY_DOMAIN Create security domain Administrator “{0}” attempted to create security domain “{4}”. The fully qualified name of the domain is “{11}”
eventAdmin 10006 DELETE_SECURITY_DOMAIN Delete security domain Administrator “{0}” attempted to delete security domain “{4}”. The fully qualified name of the domain is “{11}”
eventAdmin 10007 UPDATE_SECURITY_DOMAIN Update security domain Administrator “{0}” attempted to update security domain “{4}”. The fully qualified name of the domain is “{11}”
eventAdmin 10008 READ_SECURITY_DOMAIN Read security domain Administrator “{0}” attempted to read security domain “{4}”. The fully qualified name of the domain is “{11}”
eventAdmin 10009 CREATE_IDENTITY_SOURCE Register identity source Administrator “{0}” attempted to register identity source “{6}”
eventAdmin 10010 DELETE_IDENTITY_SOURCE Delete registration of identity source Administrator “{0}” attempted to delete the registration of identity source “{6}”
eventAdmin 10011 UPDATE_IDENTITY_SOURCE Update registration of identity source Administrator “{0}” attempted to update the registration of identity source “{6}”
eventAdmin 10012 CLEANUP_IDENTITY_SOURCE Clean up identity source Administrator “{0}” attempted to clean up identity sources
eventAdmin 10013 CREATE_ATTRIBUTE Create attribute Administrator “{0}” attempted to create attribute “{4}” ; to be managed in security domain “{5}”
eventAdmin 10014 READ_ATTRIBUTE Read attribute Administrator “{0}” attempted to read attribute “{4}” ; managed in security domain “{5}”
eventAdmin 10015 UPDATE_ATTRIBUTE Update attribute Administrator “{0}” attempted to update attribute “{4}” ; managed in security domain “{5}”
eventAdmin 10016 DELETE_ATTRIBUTE Delete attribute Administrator “{0}” attempted to delete attribute “{4}” ; managed in security domain “{5}”
eventAdmin 10017 CREATE_ATTRIBUTE_MAPPING Map attribute Administrator “{0}” attempted to map attribute “{4}” ; managed in security domain “{5}” to “{8}”
eventAdmin 10018 READ_ATTRIBUTE_MAPPING Read attribute mapping Administrator “{0}” attempted to read attribute mapping “{4}”’s ; managed in security domain “{5}”
eventAdmin 10019 DELETE_ATTRIBUTE_MAPPING Delete attribute mapping Administrator “{0}” attempted to delete the mapping of attribute “{4}” ; managed in security domain “{5}” to “{8}”
eventAdmin 10020 CREATE_ADMIN_ROLE Create administrative role Administrator “{0}” attempted to create administrative role “{4}” ; to be managed in security domain “{5}”
eventAdmin 10021 DELETE_ADMIN_ROLE Delete administrative role Administrator “{0}” attempted to delete administrative role “{4}” ; managed in security domain “{5}”
eventAdmin 10022 READ_ADMIN_ROLE Read administrative role Administrator “{0}” attempted to read administrative role “{4}” ; managed in security domain “{5}”
eventAdmin 10023 UPDATE_ADMIN_ROLE Update administrative role Administrator “{0}” attempted to update administrative role “{4}” ; managed in security domain “{5}”
eventAdmin 10024 LINK_PRINCIPAL_ADMIN_ROLE Associate principal with administrative role Administrator “{0}” attempted to associate principal “{8}” ; stored in identity source “{10}” and managed in security domain “{9}”
eventAdmin 10025 UNLINK_PRINCIPAL_ADMIN_ROLE Disassociate principal from administrative role Administrator “{0}” attempted to disassociate principal “{8}” ; stored in identity source “{10}” and managed in security domain “{9}”
eventAdmin 10026 CREATE_AUTH_POLICY Create authentication policy Administrator “{0}” attempted to create authentication policy “{4}” ; to be managed in security domain “{5}”
eventAdmin 10027 DELETE_AUTH_POLICY Delete authentication policy Administrator “{0}” attempted to delete authentication policy “{4}” ; managed in security domain “{5}”
eventAdmin 10028 UPDATE_AUTH_POLICY Update authentication policy Administrator “{0}” attempted to update authentication policy “{4}” ; managed in security domain “{5}”
eventAdmin 10029 READ_AUTH_POLICY Read authentication policy Administrator “{0}” attempted to view authentication policy “{4}” ; managed in security domain “{5}”
eventAdmin 10030 CREATE_PWD_POLICY Create password policy Administrator “{0}” attempted to create password policy “{4}” ; to be managed in security domain “{5}”
eventAdmin 10031 DELETE_PWD_POLICY Delete password policy Administrator “{0}” attempted to delete password policy “{4}” ; managed in security domain “{5}”
eventAdmin 10032 UPDATE_PWD_POLICY Update password policy Administrator “{0}” attempted to update password policy “{4}” ; managed in security domain “{5}”
eventAdmin 10033 READ_PWD_POLICY Read password policy Administrator “{0}” attempted to view password policy “{4}” ; managed in security domain “{5}”
eventAdmin 10034 CREATE_LOCKOUT_POLICY Create lockout policy Administrator “{0}” attempted to create lockout policy “{4}” ; to be managed in security domain “{5}”
eventAdmin 10035 DELETE_LOCKOUT_POLICY Delete lockout policy Administrator “{0}” attempted to delete lockout policy “{4}” ; managed in security domain “{5}”
eventAdmin 10036 UPDATE_LOCKOUT_POLICY Update lockout policy Administrator “{0}” attempted to update lockout policy “{4}” ; managed in security domain “{5}”
eventAdmin 10037 READ_LOCKOUT_POLICY Read lockout policy Administrator “{0}” attempted to view lockout policy “{4}” ; managed in security domain “{5}”
eventAdmin 10038 UNLINK_SECURITY_DOMAIN_POLICIES Unlink security domain policies Administrator “{0}” attempted to unlink polices from security domain “{4}”
eventAdmin 10039 CREATE_GROUP Create group Administrator “{0}” attempted to create group “{4}” ; to be stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10040 UPDATE_GROUP Update group Administrator “{0}” attempted to update group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10041 REGISTER_GROUP Register group Administrator “{0}” attempted to register group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10042 UNREGISTER_GROUP Unregister group Administrator “{0}” attempted to unregister group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10043 READ_GROUP Read group Administrator “{0}” attempted to read group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10044 DELETE_GROUP Delete group Administrator “{0}” attempted to delete group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10045 LINK_GROUP_GROUP Associate group with group Administrator “{0}” attempted to associate group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10046 UNLINK_GROUP_GROUP Disassociate group from group Administrator “{0}” attempted to disassociate group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10047 LINK_GROUP_PRINCIPAL Associate group with principal Administrator “{0}” attempted to associate group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10048 UNLINK_GROUP_PRINCIPAL Disassociate Group from Principal Administrator “{0}” attempted to disassociate group “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10049 FIND_ORPHANED_GROUPS Find unresolvable groups Administrator “{0}” attempted to find unresolvable groups in identity source “{4}”
eventAdmin 10050 REMOVE_ORPHANED_GROUPS Remove unresolvable groups Administrator “{0}” attempted to clean up unresolvable groups in identity source “{4}”
eventAdmin 10051 CREATE_PRINCIPAL Create principal Administrator “{0}” attempted to create principal “{4}” ; to be stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10052 REGISTER_PRINCIPAL Register principal Administrator “{0}” attempted to register principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10053 UNREGISTER_PRINCIPAL Unregister principal Administrator “{0}” attempted to unregister principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10054 DELETE_PRINCIPAL Delete principal Administrator “{0}” attempted to delete principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10055 UPDATE_PRINCIPAL Update principal User “{0}” attempted to update principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10056 READ_PRINCIPAL Read principal Administrator “{0}” attempted to read principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10057 FIND_ORPHANED_PRINCIPALS Find unresolvable users Administrator “{0}” attempted to find unresolvable users in identity source “{4}”
eventAdmin 10059 CREATE_PRINCIPAL_PREFERENCES Assign console preferences to principal Administrator “{0}” attempted to assign preferences to principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10060 DELETE_PRINCIPAL_PREFERENCES Remove console preferences for principal Administrator “{0}” attempted to remove preferences for principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10061 UPDATE_PRINCIPAL_PREFERENCES Update console preferences for principal Administrator “{0}” attempted to update preferences for principal ; “{4}” stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10062 READ_PRINCIPAL_PREFERENCES Read console preferences for principal Administrator “{0}” attempted to read preferences for principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10063 CREATE_REALM_PREFERENCES Assign console preferences to realm Administrator “{0}” attempted to assign preferences for realm “{5}”
eventAdmin 10064 DELETE_REALM_PREFERENCES Remove console preferences for realm Administrator “{0}” attempted to remove preferences for realm “{5}”
eventAdmin 10065 UPDATE_REALM_PREFERENCES Update console preferences for realm Administrator “{0}” attempted to change preferences for realm “{5}”
eventAdmin 10066 READ_REALM_PREFERENCES Read console preferences for realm Administrator “{0}” attempted to read preferences for realm “{5}”
eventAdmin 10067 DEREFERENCE_REALM Dereference realm Administrator “{0}” attempted to dereference realm “{4}”
eventAdmin 10068 CREATE_REPORT_QUERY Create report query Administrator “{0}” attempted to create report query “{4}” ; to be managed in security domain “{5}”
eventAdmin 10069 DELETE_REPORT_QUERY Delete report query Administrator “{0}” attempted to delete report query “{4}” ; managed in security domain “{5}”
eventAdmin 10070 UPDATE_REPORT_QUERY Update report query Administrator “{0}” attempted to update report query “{4}” ; managed in security domain “{5}”
eventAdmin 10071 READ_REPORT_QUERY Read report query Administrator “{0}” attempted to read report query “{4}” ; managed in security domain “{5}”
eventAdmin 10072 SESSION_FORCED_LOGOFF Force session logoff for principal Administrator “{0}” attempted a forced session logoff for principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10073 SESSION_FETCH Fetch session for principal Administrator “{0}” attempted to fetch the session of principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10074 SESSION_MODIFICATION Session attribute modification Administrator “{0}” modified a session attribute of principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10075 ASSOCIATE_PWD_POLICY_TO_SECURITY_DOMAIN Associate password policy with security domain Administrator “{0}” attempted to associate a password policy with a security domain
eventAdmin 10076 ASSOCIATE_LOCKOUT_POLICY_TO_SECURITY_DOMAIN Associate lockout policy with security domain Administrator “{0}” attempted to associate a lockout policy with a security domain
eventAdmin 10077 ASSOCIATE_AUTHN_POLICY_TO_SECURITY_DOMAIN Associate authentication policy with security domain Administrator “{0}” attempted to associate an authentication policy with a security domain
eventAdmin 10078 DIS_ASSOCIATE_PWD_POLICY_FROM_SECURITY_DOMAIN Disassociate password policy from security domain Administrator “{0}” attempted to disassociate a password policy from a security domain
eventAdmin 10079 DIS_ASSOCIATE_LOCKOUT_POLICY_FROM_SECURITY_DOMAIN Disassociate lockout policy from security domain Administrator “{0}” attempted to disassociate a lockout policy from a security domain
eventAdmin 10080 DIS_ASSOCIATE_AUTHN_POLICY_FROM_SECURITY_DOMAIN Disassociate authentication policy from security domain Administrator “{0}” attempted to disassociate an authentication policy from a security domain
eventAdmin 10081 CREATE_SELFSERVICE_POLICY Create self-service troubleshooting policy Administrator “{0}” attempted to create self-service troubleshooting policy “{4}” ; to be managed in security domain “{5}”
eventAdmin 10082 DELETE_SELFSERVICE_POLICY Delete self-service troubleshooting policy Administrator “{0}” attempted to delete self-service troubleshooting policy “{4}” ; managed in security domain “{5}”
eventAdmin 10083 UPDATE_SELFSERVICE_POLICY Update self-service troubleshooting policy Administrator “{0}” attempted to update self-service troubleshooting policy “{4}” ; managed in security domain “{5}”
eventAdmin 10084 READ_SELFSERVICE_POLICY Read self-service troubleshooting policy Administrator “{0}” attempted to view self-service troubleshooting policy “{4}” ; managed in security domain “{5}”
eventAdmin 10085 ASSOCIATE_SELFSERVICE_POLICY_TO_SECURITY_DOMAIN Associate self-service troubleshooting policy with security domain Administrator “{0}” attempted to associate a self-service troubleshooting policy with a security domain
eventAdmin 10086 DIS_ASSOCIATE_SELFSERVICE_POLICY_FROM_SEC_DOM Disassociate self-service troubleshooting policy from security domain Administrator “{0}” attempted to disassociate a self-service troubleshooting policy from a security domain
eventAdmin 10087 UPDATE_SECURITY_QUESTIONS_POLICY Update security question policy Administrator “{0}” attempted to update security question policy “{4}” ; managed in security domain “{5}”
eventAdmin 10088 READ_SECURITY_QUESTIONS_POLICY Read security question policy Administrator “{0}” attempted to view security question policy “{4}” ; managed in security domain “{5}”
eventAdmin 10089 READ_SECURITY_QUESTIONS_LIST Read security questions list Administrator “{0}” attempted to view security questions list “{4}”
eventAdmin 10200 CREATE_TRUST Create trust realm Administrator “{0}” attempted to create trust realm “{4}” ; to be managed in security domain “{5}”
eventAdmin 10201 DELETE_TRUST Delete trust realm Administrator “{0}” attempted to delete trust realm “{4}” ; managed in security domain “{5}”
eventAdmin 10202 UPDATE_TRUST Update trust realm Administrator “{0}” attempted to update trust realm “{4}” ; managed in security domain “{5}”
eventAdmin 10203 READ_TRUST Read trust realm Administrator “{0}” attempted to read trust realm “{4}” ; managed in security domain “{5}”
eventAdmin 10204 MANAGE_ATTR_CATEGORY Manage attribute category Administrator “{0}” attempted to manage attribute category“{4}” ; managed in security domain “{5}”
eventAdmin 10205 IMPORT_PWD_DICTIONARY Import Password Dictionary Administrator “{0}” attempted to import password dictionary “{4}”
eventAdmin 10206 EXPORT_PWD_DICTIONARY Export Password Dictionary Administrator “{0}” attempted to export password dictionary “{4}”
eventAdmin 10207 DELETE_PWD_DICTIONARY Delete Password Dictionary Administrator “{0}” attempted to delete password dictionary “{4}”
eventAdmin 10208 READ_PWD_DICTIONARY Read Password Dictionary Administrator “{0}” attempted to read password dictionary “{4}”
eventAdmin 10209 DELETE_BATCH_JOB Delete batch job Administrator “{0}” attempted to delete “{11}” batch job “{4}”
eventAdmin 10210 READ_BATCH_JOB Read batch job Administrator “{0}” attempted to read “{11}” batch job “{4}”
eventAdmin 10211 READ_SCHEDULE_JOB Read scheduled job Administrator “{0}” attempted to read scheduled “{11}” batch job “{4}”
eventAdmin 10212 ADD_BATCH_JOB Add batch job Administrator “{0}” attempted to add “{11}” batch job “{4}”
eventAdmin 10213 SCHEDULE_BATCH_JOB Schedule batch job Administrator “{0}” attempted to schedule “{11}” batch job “{4}”
eventAdmin 10214 DELETE_SCHEDULE_JOB Delete scheduled job Administrator “{0}” attempted to delete scheduled “{11}” job “{4}”
eventAdmin 10215 CANCEL_BATCH_JOB Cancel batch job Administrator “{0}” attempted to cancel “{11}” batch job “{4}”
eventAdmin 10216 CANCEL_SCHEDULE_JOB Cancel scheduled job Administrator “{0}” attempted to cancel scheduled “{11}” batch job “{4}”
eventAdmin 10217 READ_REPORT_DATA Read report data Administrator “{0}” attempted to read result of report “{4}” ; managed in security domain “{5}”
eventAdmin 10218 READ_REPORT_META_DATA Read report meta data Administrator “{0}” attempted to read meta data of report “{4}” ; managed in security domain “{5}”
eventAdmin 10219 CREATE_REPORT_CLASS Create report generation class Administrator “{0}” attempted to create a report generation instance of “{4}”
eventAdmin 10220 LOOKUP_PRINCIPALS Lookup principals Administrator “{0}” attempted to lookup principals stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin 10243 ASSIGN_SYSTEMFIELDS_USER_ROLE Assign system user an administrator role Super Administrator “{0}” attempted to assign administrative role “{8}” to system user “{4}”.
eventAdmin 10244 RESET_SYSTEMFIELDS_USER_PASSWORD Reset system user password Super Administrator “{0}” attempted to reset system user “{4}” password.
eventAdmin 10245 UNASSIGN_SYSTEMFIELDS_USER_ROLE Unassign system user an administrator role Super Administrator “{0}” attempted to unassign administrative role “{8}” from system user “{4}”.
eventAdmin 10246 LIST_SYSTEMFIELDS_USERS List system users Super Administrator “{0}” attempted to list system users with administrative roles such as Operations Console admin.
eventAdmin 10247 CREATE_SYSTEMFIELDS_ROLE Create system administrator role Super Administrator “{0}” attempted to create new system administrator role “{4}”. System administrator roles have no attributes other than a name.
eventAdmin 10248 DELETE_SYSTEMFIELDS_ROLE Delete system administrator role Super Administrator “{0}” attempted to delete system administrator role “{4}”.
eventAdmin 10249 FIND_ORPHANED_PRINCIPALS_IS_UNSPECIFIED Find unresolvable users Administrator “{0}” attempted to find unresolvable users
eventAdmin 10250 CLEANUP_UNRESOLVED_USERS_IS_UNSPECIFIED Cleaning unresolvable users Administrator “{0}” attempted to clean unresolvable users
eventAdmin 10251 REMOVE_UNRESOLVED_PRINCIPAL Cleaning unresolvable user Administrator “{0}” cleaned unresolvable user “{4}” from identity source “{6}”
eventAdmin 10252 CLEANUP_UNRESOLVED_USERS_IS_UNSPECIFIED_START Started manual cleanup of unresolvable users Administrator “{0}” started cleaning unresolvable users
eventAdmin 10253 CLEANUP_UNRESOLVED_USERS_IS_UNSPECIFIED_END Completed manual cleanup of unresolvable users Administrator “{0}” has cleaned unresolvable users
eventAdmin 10254 BATCH_JOB_CLEANUP_UNRESOLVED_USERS_GROUPS_START Started scheduled cleanup of unresolvable users and groups System started scheduled cleanup of unresolvable users and groups
eventAdmin 10255 BATCH_JOB_CLEANUP_UNRESOLVED_USERS_GROUPS_END Completed scheduled cleanup of unresolvable users and groups System has completed scheduled cleanup of unresolvable users and groups
eventAdmin 10256 BATCH_JOB_CLEANUP_UNRESOLVED_USERS_GROUPS_ERRORS Errors occured during scheduled cleanup of unresolvable users and groups System has completed scheduled cleanup of unresolvable users and groups ; but cleanup did not complete normally. Consult the system log for more details.
eventAdmin 10257 REMOVE_UNRESOLVED_GROUP Cleaning unresolvable group Administrator “{0}” cleaned unresolvable group “{4}” from identity source “{6}”
eventAdmin 10258 MARK_UNRESOLVABLE_USER Marking user as unresolvable User “{4}” is missing from identity source “{6}”. Marking user as unresolvable.
eventAdmin 10259 MOVE_PRINCIPAL_ACROSS_IDENTITYSOURCE User moved across identity sources User “{4}” has been moved from identity source “{6}” to identity source “{11}” as a result of an update made to the directory server.
eventAdmin 10260 TEST_IDENTITY_SOURCE_CONN_FAILED Cannot test the connection to the directory server. The administrator “{0}” attempting to test the connection does not have permission to perform the test.
eventAdmin 10261 SEARCH_GROUP Search groups Administrator “{0}” attempted to search groups in identity source “{4}”
eventAdmin 10262 CREATE_RBA_POLICY Create RBA policy Administrator “{0}” attempted to create RBA policy “{4}” ; to be managed in security domain “{5}”
eventAdmin 10263 DELETE_RBA_POLICY Delete RBA policy Administrator “{0}” attempted to delete RBA policy “{4}” ; managed in security domain “{5}”
eventAdmin 10264 UPDATE_RBA_POLICY Update RBA policy Administrator “{0}” attempted to update RBA policy “{4}” ; managed in security domain “{5}”
eventAdmin 10265 READ_RBA_POLICY Read RBA policy Administrator “{0}” attempted to view RBA policy “{4}” ; managed in security domain “{5}”
eventAdmin 10266 ASSOCIATE_RBA_POLICY_TO_SECURITY_DOMAIN
Associate RBA policy with security domain
Administrator “{0}” attempted to associate a RBA policy with a security domain
eventAdmin 10267 DIS_ASSOCIATE_RBA_POLICY_FROM_SEC_DOM
Disassociate RBA policy from security domain
Administrator “{0}” attempted to disassociate a RBA policy from a security domain
eventAdmin 10268 CLEAR_DEVICE_BINDINGS Clear device bindings for principal
Administrator “{0}” attempted to clear device bindings for principal “{4}” ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin | 10269 | MANAGE_SECURITY_DOMAIN_MAPPINGS | Manage Security Domain Mappings for IS | Administrator “{0}” attempted to manage security domain mappings for Identity Source
eventAdmin | 10270 | ENABLE_PRINCIPALS_FOR_RBA | Enable principals for RBA | Administrator “{0}” attempted to enable multiple principals for RBA
eventAdmin | 10271 | UPDATE_SECURITY_QUESTIONS_LIST | Update Security Questions | Administrator “{0}” attempted to update Security Questions
eventAdmin | 10272 | ENABLE_PRINCIPAL_FOR_RBA | Enable principal for RBA | Administrator “{0}” attempted to enable principal “{4}” for RBA ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin | 10273 | ADD_CERTIFICATE | Add certificate | Administrator “{0}” attempted to add certificate “{4}”
eventAdmin | 10274 | DELETE_CERTIFICATE | Delete certificate | Administrator “{0}” attempted to delete certificate “{11}”
eventAdmin | 10275 | READ_CERTIFICATE | Read certificate | Administrator “{0}” attempted to read certificate “{4}”
eventAdmin | 10276 | UPDATE_CERTIFICATE | Update certificate | Administrator “{0}” attempted to update certificate “{4}”
eventAdmin | 10277 | ADD_WEBTIER_DEPLOYMENT | Add Webtier Deployment | Administrator “{0}” attempted to add WebTier Deployment “{4}”
eventAdmin | 10278 | UPDATE_WEBTIER_DEPLOYMENT | Update Webtier Deployment | Administrator “{0}” attempted to update WebTier Deployment “{4}”
eventAdmin | 10279 | DELETE_WEBTIER_DEPLOYMENT | Delete Webtier Deployment | Administrator “{0}” attempted to delete WebTier Deployment “{4}”
eventAdmin | 10280 | GENERATE_WEBTIER_PACKAGE | Generate Webtier Package | Administrator “{0}” attempted to generate WebTier package for “{4}”
eventAdmin | 10282 | ADD_SERVER_NODE | Add Server Node | Administrator “{0}” attempted to add a server node with hostname “{4}” to the cluster
eventAdmin | 10283 | REMOVE_SERVER_NODE | Remove Server Node | Administrator “{0}” attempted to remove a server node with hostname “{4}” from the cluster
eventAdmin | 10284 | REMOVE_SECURITY_QUESTION_ANSWERS | Remove Security Question Answers | User “{0}” attempted to remove Security Question Answers
eventAdmin | 10285 | UPDATE_SECURITY_QUESTION_ANSWERS | Update Security Question Answers | User “{0}” attempted to update Security Question Answers
eventAdmin | 10286 | DISABLE_PRINCIPAL_FOR_RBA | Disable principal for RBA | Administrator “{0}” attempted to disable principal “{4}” for RBA ; stored in identity source “{6}” and managed in security domain “{5}”
eventAdmin | 10287 | UPDATE_PRINCIPAL_LOGINUID | Update User ID | System attempted to update the User ID for principal “{4}” to “{11}” as a result of an update made to the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”.
eventAdmin | 10288 | UPDATE_PRINCIPAL_EXUID | Update unique identifier | System attempted to update the unique identifier for principal “{4}” as a result of an update made to the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”.
eventAdmin | 10289 | MOVE_PRINCIPAL_WITHIN_IDENTITYSOURCE | User moved within identity source | System attempted to update the DN for principal “{4}” because the principal was moved in the directory server. The principal is stored in identity source “{6}” and managed in security domain “{5}”.
eventAdmin | 10290 | UPDATE_PRINCIPAL_FOR_LDAP_CHANGE | Update principal | System attempted to update principal “{4}” based on changes made in identity source “{6}”.
eventAdmin | 10291 | RESTORE_ADMIN | Restore admin | System attempted to create Super Admin “{11}” using restore admin utility.
eventAdmin | 10292 | CREATE_SYSTEMFIELDS_USER | Create system user | Super Administrator “{0}” attempted to create system user “{4}”. System user accounts have no attributes other than a userID and password.
eventAdmin | 10293 | DELETE_SYSTEMFIELDS_USER | Delete system user | Super Administrator “{0}” attempted to delete system user “{4}”. System user accounts have no attributes other than a userID and password.
eventAdmin | 10294 | UPDATE_WEBTIER_CUSTOMIZATION | Update Webtier Customization | Administrator “{0}” attempted to update WebTier Customization Configuration “{4}”
eventAdmin | 20001 | CREATE_AM_PRINCIPAL | Create Principal | Administrator “{0}” attempted to create principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20002 | UPDATE_AM_PRINCIPAL | Update Principal | User “{0}” attempted to update principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20003 | DELETE_AM_PRINCIPAL | Delete Principal | Administrator “{0}” attempted to delete principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20004 | READ_AM_PRINCIPAL_EMERGENCY_ACCESS_INFO | Read Principal Emergency Access Info | Administrator “{0}” attempted to read principal emergency access info “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20005 | CLEARBADPASSCODES | Clear Bad Passcodes | Administrator “{0}” attempted to clear bad passcodes “{4}” managed in security domain “{5}”
eventAdmin | 20006 | READ_AM_TOKEN_OFFLINE_EMERGENCY_ACCESS_INFO | Read Token Offline Emergency Access Info | Administrator “{0}” attempted to read offline emergency access info for token “{4}” managed in security domain “{5}”
eventAdmin | 20007 | READ_AM_TOKEN_ONLINE_EMERGENCY_ACCESS_INFO | Read Token Online Emergency Access Info | Administrator “{0}” attempted to read online emergency access info for token “{4}” managed in security domain “{5}”
eventAdmin | 20008 | UPDATE_AM_TOKEN_ONLINE_EMERGENCY_ACCESS_INFO | Update Token Online Emergency Access Info | Administrator “{0}” attempted to update online emergency access info for token “{4}” managed in security domain “{5}”
eventAdmin | 20009 | AM_TOKEN_ENABLED | Enable Token | Administrator “{0}” attempted to enable token “{4}” managed in security domain “{5}”.
eventAdmin | 20010 | AM_TOKEN_DISABLED | Disable Token | Administrator “{0}” attempted to disable token “{4}” managed in security domain “{5}”
eventAdmin | 20011 | AM_CLEAR_TOKEN_PIN | Clear Token Pin | Administrator “{0}” attempted to clear pin for token “{4}” managed in security domain “{5}”
eventAdmin | 20012 | AM_SET_NEW_PIN_MODE | Set New Pin Mode | Administrator “{0}” attempted to set new pin mode for token “{4}” managed in security domain “{5}”
eventAdmin | 20013 | AM_RESET_PIN | Reset Token Pin | Administrator “{0}” attempted to reset token pin “{4}” managed in security domain “{5}”
eventAdmin | 20014 | AUTHMGR_AGENT_CREATE | Create Agent | Administrator “{0}” attempted to create agent “{4}” managed in security domain “{5}”
eventAdmin | 20015 | AM_ASSIGN_FIXED_PASSCODE | Assign Fixed Passcode | Administrator “{0}” attempted to assign a fixed passcode for token “{4}” managed in security domain “{5}”
eventAdmin | 20016 | AM_UNASSIGN_FIXED_PASSCODE | Unassign Fixed Passcode | Administrator “{0}” attempted to unassign a fixed passcode for token “{4}” managed in security domain “{5}”
eventAdmin | 20017 | AUTHMGR_AGENT_DELETE | Delete Agent | Administrator “{0}” attempted to delete agent “{4}” managed in security domain “{5}”
eventAdmin | 20018 | AUTHMGR_AGENT_ENABLE | Enable Agent | Administrator “{0}” attempted to enable agent “{4}” managed in security domain “{5}”
eventAdmin | 20019 | AUTHMGR_AGENT_READ | Read Agent | Administrator “{0}” attempted to read agent “{4}” managed in security domain “{5}”
eventAdmin | 20020 | AUTHMGR_AGENT_UPDATE | Update Agent | Administrator “{0}” attempted to update agent “{4}” managed in security domain “{5}”
eventAdmin | 20021 | AUTHMGR_AGENT_LINK_APSLIST | Link Agent and Agent Protocol Server List | Administrator “{0}” attempted to link agent “{4}” managed in security domain “{5}” with agent protocol server list “{8}” managed in security domain “{9}”
eventAdmin | 20024 | READ_AM_PRINCIPAL | Read Principal | Administrator “{0}” attempted to read principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20025 | IMPORT_TOKEN | Import Token | Administrator “{0}” attempted to import token “{4}” managed in security domain “{5}”
eventAdmin | 20026 | CREATE_AM_TOKEN | Create Token | Administrator “{0}” attempted to create token “{4}” managed in security domain “{5}”
eventAdmin | 20027 | UPDATE_AM_TOKEN | Update Token | Administrator “{0}” attempted to update token “{4}” managed in security domain “{5}”
eventAdmin | 20028 | DELETE_AM_TOKEN | Delete Token | Administrator “{0}” attempted to delete token “{4}” managed in security domain “{5}”
eventAdmin | 20029 | SEARCH_AM_TOKEN | Search Token | Administrator “{0}” attempted to search for tokens managed in security domain “{5}”
eventAdmin | 20030 | NEXT_AVAILABLE_AM_TOKEN | Get Next Available Token | Administrator “{0}” attempted to get the next available token managed in security domain “{5}”
eventAdmin | 20031 | AUTHMGR_TOKEN_ATTRIBUTE_DELETE | Delete Token Attribute | Administrator “{0}” attempted to delete attribute token “{4}” managed in security domain “{5}”
eventAdmin | 20032 | AUTHMGR_TOKEN_ATTRIBUTE_CREATE | Create Token Attribute | Administrator “{0}” attempted to create attribute for token “{4}” managed in security domain “{5}”
eventAdmin | 20033 | AUTHMGR_TOKEN_ATTRIBUTE_UPDATE | Update Token Attribute | Administrator “{0}” attempted to update attribute for token “{4}” managed in security domain “{5}”
eventAdmin | 20034 | AUTHMGR_CR_TRUSTED_REALM_CREATE | Create Trusted Realm | Administrator “{0}” attempted to create trusted realm “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20035 | AUTHMGR_CTKIP_AUTHCODE_CREATE | Create CTKIP Authcode | Administrator “{0}” attempted to create CTKIP authcode “{4}” managed in security domain “{5}”
eventAdmin | 20036 | AUTHMGR_CTKIP_AUTHCODE_DELETE | Delete CTKIP Authcode | Administrator “{0}” attempted to delete CTKIP authcode “{4}” managed in security domain “{5}”
eventAdmin | 20037 | AUTHMGR_CTKIP_AUTHCODE_READ | Read CTKIP Authcode | Administrator “{0}” attempted to read CTKIP authcode “{4}” managed in security domain “{5}”
eventAdmin | 20038 | AUTHMGR_CTKIP_MANAGEMENT | Manage CTKIP | Administrator “{0}” attempted to manage CTKIP “{4}” managed in security domain “{5}”
eventAdmin | 20039 | AUTHMGR_TOKEN_SET_TOKENCODE_ONLY_PINTYPE | Set Tokencode only | Administrator “{0}” attempted to set tokencode only pintype for token “{4}” managed in security domain “{5}”
eventAdmin | 20040 | AUTHMGR_TOKEN_SET_PASSCODE_PINTYPE | Set Token Passcode Pin type | Administrator “{0}” attempted to set passcode pin type for token “{4}” in security domain “{5}”
eventAdmin | 20041 | SYNC_TOKENS | Sync Token | Administrator “{0}” attempted to sync token “{4}” managed in security domain “{5}”
eventAdmin | 20042 | READ_AM_TOKEN_EMERGENCY_ACCESS_INFO | Read Token Emergency Access Info | Administrator “{0}” attempted to read token emergency access “{4}” info managed in security domain “{5}”
eventAdmin | 20043 | READ_TOKEN | Read Token | Administrator “{0}” attempted to read token “{4}” managed in security domain “{5}”
eventAdmin | 20044 | UPDATE_AM_TOKEN_OFFLINE_EMERGENCY_ACCESS_INFO | Update Token Offline Emergency Access Info | Administrator “{0}” attempted to update offline emergency acess info for token “{4}” managed in security domain “{5}”
eventAdmin | 20045 | AM_LINK_TOKEN_PRINCIPAL | Link Token with Principal | Administrator “{0}” attempted to link token “{4}” managed in security domain “{5}” with principal “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20046 | AM_UNLINK_TOKEN_PRINCIPAL | Unlink Token with Principal | Administrator “{0}” attempted to unlink token “{4}” managed in security domain “{5}” with principal “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20047 | AUTHMGR_TOKEN_STAT_SEARCH | Search Token Statistics | Administrator “{0}” attempted to search for token statistics managed in security domain “{5}” with principal “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20048 | AUTHMGR_OFFLINE_AUTHN_POLICY_CREATE | Create Offline Authentication Policy | Administrator “{0}” attempted to create offline authentication policy “{4}” managed in security domain “{5}”
eventAdmin | 20049 | AUTHMGR_OFFLINE_AUTHN_POLICY_DELETE | Delete Offline Authentication Policy | Administrator “{0}” attempted to delete offline authentication policy “{4}” managed in security domain “{5}”
eventAdmin | 20050 | AUTHMGR_OFFLINE_AUTHN_POLICY_READ | Read Offline Authentication Policy | Administrator “{0}” attempted to read offline authentication policy “{4}” managed in security domain “{5}”
eventAdmin | 20051 | AUTHMGR_OFFLINE_AUTHN_POLICY_UPDATE | Update Offline Authentication Policy | Administrator “{0}” attempted to update offline authentication policy “{4}” managed in security domain “{5}”
eventAdmin | 20052 | AUTHMGR_TOKEN_POLICY_CREATE | Create Token Policy | Administrator “{0}” attempted to create token policy “{4}” managed in security domain “{5}”
eventAdmin | 20053 | AUTHMGR_TOKEN_POLICY_UPDATE | Update Token Policy | Administrator “{0}” attempted to update token policy “{4}” managed in security domain “{5}”
eventAdmin | 20054 | AUTHMGR_TOKEN_POLICY_DELETE | Delete Token Policy | Administrator “{0}” attempted to delete token policy “{4}” managed in security domain “{5}”
eventAdmin | 20055 | AUTHMGR_TOKEN_POLICY_READ | Read Token Policy | Administrator “{0}” attempted to read token policy “{4}” managed in security domain “{5}”
eventAdmin | 20056 | INSUFFICIENT_PRIVILEGE | Insufficient Privilege | Administrator “{0}” attempted an action having insufficient privileges
eventAdmin | 20057 | AUTHMGR_AGENT_GROUP_LINK_UNLINK | Link or Unlink Agent with Group | Administrator “{0}” attempted to link agent “{4}” managed in security domain “{5}” with group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20058 | AUTHMGR_AGENT_GROUP_LINK | Link Agent with Group | Administrator “{0}” attempted to link agent “{4}” managed in security domain “{5}” with group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20059 | AUTHMGR_AGENT_GROUP_UNLINK | UnLink Agent with Group | Administrator “{0}” attempted to unlink agent “{4}” managed in security domain “{5}” with group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20060 | AUTHMGR_AGENT_DISABLE | Disable Agent | Administrator “{0}” attempted to disable agent “{4}” managed in security domain “{5}”
eventAdmin | 20061 | AUTHMGR_NODE_SECRET_EXPORTED | Agent Node Secret Export | Administrator “{0}” attempted to export node secret file for agent “{4}” managed in security domain “{5}”
eventAdmin | 20062 | AUTHMGR_AGENT_MOVED | Move Agent | Administrator “{0}” attempted to move agent “{4}” managed in security domain “{5}”
eventAdmin | 20063 | AUTHMGR_AGENT_CLEAR_NODESECRET | Clear Agent Node Secret | Administrator “{0}” attempted to clear node secret for agent “{4}” managed in security domain “{5}”
eventAdmin | 20064 | AUTHMGR_APS_LOOKUP | Lookup Agent Protocol Server | Administrator “{0}” attempted to lookup Agent Protocol Server “{4}” managed in security domain “{5}”
eventAdmin | 20065 | AUTHMGR_APS_GENERATE_CONFIG | Generate Agent Protocol Server Config | Administrator “{0}” attempted to generate Agent Protocol Server Config “{4}”
eventAdmin | 20066 | AUTHMGR_APS_CREATE | Create Agent Protocol Server | Administrator “{0}” attempted to create Agent Protocol Server “{4}” managed in security domain “{5}”
eventAdmin | 20067 | AUTHMGR_APS_DELETE | Delete Agent Protocol Server | Administrator “{0}” attempted to delete Agent Protocol Server “{4}” managed in security domain “{5}”
eventAdmin | 20068 | AUTHMGR_APS_UPDATE | Update Agent Protocol Server | Administrator “{0}” attempted to update Agent Protocol Server “{4}” managed in security domain “{5}”
eventAdmin | 20069 | AUTHMGR_APS_LOOKUP_BY_IP | Lookup Agent Protocol Server by IP | Administrator “{0}” attempted to lookup Agent Protocol Server by IP “{4}” managed in security domain “{5}”
eventAdmin | 20070 | AUTHMGR_APS_LIST_CREATE | Create Agent Protocol Server List | Administrator “{0}” attempted to create Agent Protocol Server list “{4}” managed in security domain “{5}”
eventAdmin | 20071 | AUTHMGR_APS_LIST_DELETE | Delete Agent Protocol Server List | Administrator “{0}” attempted to delete Agent Protocol Server List “{4}” managed in security domain “{5}”
eventAdmin | 20072 | AUTHMGR_APS_LIST_UPDATE | Update Agent Protocol Server List | Administrator “{0}” attempted to update Agent Protocol Server List “{4}” managed in security domain “{5}”
eventAdmin | 20073 | AUTHMGR_APS_LIST_LOOKUP | Lookup Agent Protocol Server List | Administrator “{0}” attempted to lookup Agent Protocol Server List “{4}” managed in security domain “{5}”
eventAdmin | 20074 | AUTHMGR_HOST_CREATE | Create Host | Administrator “{0}” attempted to create host “{4}” managed in security domain “{5}”
eventAdmin | 20075 | AUTHMGR_HOST_DELETE | Delete Host | Administrator “{0}” attempted to delete host “{4}” managed in security domain “{5}”
eventAdmin | 20076 | AUTHMGR_HOST_UPDATE | Update Host | Administrator “{0}” attempted to update host “{4}” managed in security domain “{5}”
eventAdmin | 20077 | AUTHMGR_HOST_LOOKUP | Update Host | Administrator “{0}” attempted to lookup host “{4}” managed in security domain “{5}”
eventAdmin | 20078 | AUTHMGR_HOST_LOOKUP_BY_IP | Update Host By IP | Administrator “{0}” attempted to lookup host by IP “{4}” managed in security domain “{5}”
eventAdmin | 20079 | AUTHMGR_HOST_LOOKUP_BY_IPPROXY | Update Host By IP Proxy | Administrator “{0}” attempted to lookup host by IP proxy “{4}” managed in security domain “{5}”
eventAdmin | 20080 | AUTHMGR_HOST_FIND_INSENSITIVE | Find Host Case Insensitive | Administrator “{0}” attempted to find host case insensitive “{4}” managed in security domain “{5}”
eventAdmin | 20081 | AUTHMGR_FILE_CREATE | Create File Data | Administrator “{0}” attempted to create file “{4}” managed in security domain “{5}”
eventAdmin | 20082 | AUTHMGR_FILE_READ | Read File Data | Administrator “{0}” attempted to read file “{4}” managed in security domain “{5}”
eventAdmin | 20083 | AUTHMGR_FILE_DELETE | Delete File Data | Administrator “{0}” attempted to delete file “{4}” managed in security domain “{5}”
eventAdmin | 20084 | AUTHMGR_FILE_UPDATE | Update File Data | Administrator “{0}” attempted to update file “{4}” managed in security domain “{5}”
eventAdmin | 20085 | AUTHMGR_REALM_ADD | Create Realm | Administrator “{0}” attempted to create realm “{4}” managed in security domain “{5}”
eventAdmin | 20086 | AUTHMGR_OFFLINE_ADMIN_POLICY_ACTION | Offline Admin Policy Action | Administrator “{0}” attempted to manipulate admin policy “{4}” managed in security domain “{5}”
eventAdmin | 20087 | AUTH_NODE_SECRET_FILE_DOWNLOADED | Download Agent Node Secret File | Administrator “{0}” attempted to download node secret file for agent “{4}” managed in security domain “{5}”
eventAdmin | 20088 | AUTHMGR_SERVER_CONFIG_DOWNLOAD | Download Agent Protocol Server Config | Administrator “{0}” attempted to download Agent Protocol Server Config “{4}”
eventAdmin | 20089 | EXPORT_SOFT_TOKEN | Export Soft Token | Administrator “{0}” attempted to export soft token “{4}” managed in security domain “{5}”
eventAdmin | 20090 | AUTHMGR_SD_PREDELETE_VALIDATION | Validate Predelete | Administrator “{0}” attempted to validate predeleted security domain properties
eventAdmin | 20091 | AUTHMGR_REALM_PREDELETE_TOKEN_ATTR_DELETE | Delete Token attributes from Security Domain | Administrator “{0}” attempted to delete token attributes “{4}” managed in security domain “{5}”
eventAdmin | 20092 | AUTHMGR_REALM_PREDELETE_TOKEN_DELETE | Delete Token from Security Domain | Administrator “{0}” attempted to delete token “{4}” managed in security domain “{5}”
eventAdmin | 20093 | AUTHMGR_REALM_PREDELETE_HOST_DELETE | Delete Host from Security Domain | Administrator “{0}” attempted to delete host “{4}” managed in security domain “{5}”
eventAdmin | 20094 | AUTHMGR_REALM_PREDELETE_AGENT_DELETE | Delete Agent from Security Domain | Administrator “{0}” attempted to delete agent “{4}” managed in security domain “{5}”
eventAdmin | 20095 | CTKIP_GENERATE_KEY | Generate CTKIP Key | Administrator “{0}” attempted to generate CTKIP key for CTKIP data “{4}” managed in security domain “{5}”
eventAdmin | 20096 | AM_REPORT_GENERATE_PRINCIPAL_NEVER_LOGGED_IN | Principal Never Logged In Report | Attempting to generate a report for principals who have never logged in using their tokens
eventAdmin | 20097 | AM_REPORT_SECDOMAIN_LOOKUP | Lookup Security Domain for Reporting | Looking up a security domain for reporting
eventAdmin | 20098 | AM_REPORT_IDENTITY_LOOKUP | Lookup Identity Source for Reporting | Looking up an identity source for reporting
eventAdmin | 20099 | SD_OAPOL_ASSOC | Apply Offline Authentication Policy to Security Domain | Applying an offline authentication policy to a security domain
eventAdmin | 20100 | SD_OAPOL_DISASSOC | Apply Realm Default Offline Authentication Policy to Security Domain | Applying the realm default offline authentication policy to a security domain
eventAdmin | 20101 | SD_TKNPOL_ASSOC | Apply Token Policy to Security Domain | Applying a token policy to a security domain
eventAdmin | 20102 | SD_TKNPOL_DISASSOC | Apply Realm Default Token Policy to Security Domain | Applying the realm default token policy to a security domain
eventAdmin | 20103 | AM_TOKEN_GENERATE_ONLINE_EA | Generate Emergency Access Code | Administrator “{0}” attempted to generate an emergency access code for principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20104 | AUTHMGR_APS_SYNCHRONIZATION | Agent Protocol Server Synchronization | Administrator “{0}” attempted to synchronize agent protocol servers
eventAdmin | 20105 | LINK_UNLINK_TOKEN_PRINCIPAL | Link or Unlink Token and Principal | Administrator “{0}” attempted to link or unlink token “{4}” managed in security domain “{5}” with principal “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20106 | MIGRATION_INSUFFICIENT_PRIVILEGE | Migration Inusfficient Privilege | Administrator “{0}” does not have sufficient privileges to perform migration
eventAdmin | 20107 | AUTHMGR_CREATE_GROUP_RESTRICTED_ACCESS_HOURS | Create Time Restricted Access Hours | Administrator “{0}” attempted to create Time Restricted Access Hours “{4}” managed in security domain “{5}”
eventAdmin | 20108 | AUTHMGR_UPDATE_GROUP_RESTRICTED_ACCESS_HOURS | Update Time Restricted Access Hours | Administrator “{0}” attempted to update Time Restricted Access Hours “{4}” managed in security domain “{5}”
eventAdmin | 20109 | AUTHMGR_READ_GROUP_RESTRICTED_ACCESS_HOURS | Read Time Restricted Access Hours | Administrator “{0}” attempted to read Time Restricted Access Hours “{4}” managed in security domain “{5}”
eventAdmin | 20110 | TRUSTED_USER_GROUP_CREATE | Create Trusted User Group | Administrator “{0}” attempted to create Trusted User Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20111 | TRUSTED_USER_GROUP_UPDATE | Update Trusted User Group | Administrator “{0}” attempted to update Trusted User Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20112 | TRUSTED_USER_GROUP_DELETE | Delete Trusted User Group | Administrator “{0}” attempted to delete Trusted User Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20113 | TRUSTED_USER_GROUP_READ | Lookup a Trusted User Group | Administrator looked up a trusted user group
eventAdmin | 20114 | TRUSTED_USER_GROUP_REMOTE_PRINCIPAL_LINK | Link a Trusted User Group to a Trusted User | Administrator “{0}” attempted to link trusted user “{4}” stored in identity source “{6}” managed in security domain “{5}” with trusted user group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20115 | TRUSTED_USER_GROUP_AGENT_UNLINK | Unlink a Trusted User Group to an Agent | Administrator “{0}” attempted to unlink agent “{4}” managed in security domain “{5}” with trusted user group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin | 20116 | TRUSTED_USER_GROUP_PROFILE_LINK_UNLINK | Link a Trusted User Group to a Profile | Administrator linked a trusted user group to a profile
eventAdmin | 20117 | REMOTE_PRINCIPAL_CREATE | Create Trusted User | Administrator “{0}” attempted to create trusted user “{4}” for trusted realm “{11}” managed in local security domain “{5}”
eventAdmin | 20118 | REMOTE_PRINCIPAL_UPDATE | Update Trusted User | Administrator “{0}” attempted to update trusted user “{4}” for trusted realm “{11}” managed in local security domain “{5}”
eventAdmin | 20119 | REMOTE_PRINCIPAL_DELETE | Delete Trusted User | Administrator “{0}” attempted to delete trusted user “{4}” for trusted realm “{11}” managed in local security domain “{5}”
eventAdmin | 20120 | REMOTE_PRINCIPAL_READ | Look up Trusted User | Administrator “{0}” attempted to look up trusted user “{4}” for trusted realm “{11}” managed in local security domain “{5}”
eventAdmin | 20121 | AM_TIME_RESTRICTED_ACCESS_ADD | Add Time Restricted Access to a Group | Administrator “{0}” added Time Restricted Access to Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20122 | AM_TIME_RESTRICTED_ACCESS_UPDATE | Update Time Restricted Access for a Group | Administrator “{0}” updated Time Restricted Access for Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20123 | AM_TIME_RESTRICTED_ACCESS_DELETE | Delete Time Restricted Access from a Group | Administrator “{0}” deleted Time Restricted Access from Group “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin | 20124 | AUTHMGR_TOKENTYPES_MANAGEMENT | Manage TokenType and SoftTokenDeviceType | Administrator “{0}” attempted to manage TokenType and SoftTokenDeviceType “{4}” managed in security domain “{5}”
eventAdmin | 20125 | AUTHMGR_SELFSERVICETOKEN_MANAGEMENT | Manage SelfServiceToken | Administrator “{0}” attempted to manage SelfServiceToken
eventAdmin | 20126 | REMOTE_PRINCIPAL_ATTR_VALUE_CREATE | Create a Trusted User Attribute | Administrator created a trusted user Attribute
eventAdmin | 20127 | REMOTE_PRINCIPAL_ATTR_VALUE_UPDATE | Update a Trusted User Attribute | Administrator updated a trusted User Attribute
eventAdmin | 20128 | REMOTE_PRINCIPAL_ATTR_VALUE_DELETE | Delete a Trusted User Attribute | Administrator deleted a trusted user Attribute
eventAdmin | 20129 | REMOTE_PRINCIPAL_ATTR_VALUE_READ | Look up a Trusted User Attribute | Administrator looked up a trusted user Attribute
eventAdmin | 20130 | DISABLE_EMERGENCY_ACCESS | Disabled emergency access | Administrator “{0}” disabled emergency access for the token “{4}” managed in security domain “{5}” that belongs to the principal “{8}” stored in identity source “{10}” and managed in security domain “{9}”.
eventAdmin | 20131 | ENABLED_EA_FIXED_TOKENCODE | Token marked as lost. Enabled emergency access fixed token code. | Administrator “{0}” marked token “{4}” managed in security domain “{5}” that belongs to the principal “{8}” stored in identity source “{10}” and managed in security domain “{9}” as lost. Enabled emergency access fixed token code.
eventAdmin | 20132 | ENABLED_EA_ONE_TIME_TOKENCODE | Token marked as lost. Enabled emergency access one time token code. | Administrator “{0}” marked token “{4}” managed in security domain “{5}” that belongs to the principal “{8}” stored in identity source “{10}” and managed in security domain “{9}” as lost. Enabled emergency access one time token code.
eventAdmin | 20133 | UPDATE_EA_FIXED_TOKENCODE | Updated emergency access fixed token code. | Administrator “{0}” updated emergency access fixed token code for the token “{4}” managed in security domain “{5}” that belongs to the principal “{8}” stored in identity source “{10}” and managed in security domain “{9}”.
eventAdmin 20134 UPDATE_EA_ONE_TIME_TOKENCODE
Updated emergency access one time token code.
Administrator “{0}” updated emergency access one time token code for the token “{4}” managed in security domain “{5}” that belongs to the principal “{8}” stored in identity source “{10}” and managed in security domain “{9}”.
eventAdmin 20135 GENERATED_EA_FIXED_TOKENCODE
Generated emergency access fixed token code.
Administrator “{0}” generated emergency access fixed token code for the token “{4}” managed in security domain “{5}”.
eventAdmin 20136 GENERATED_EA_ONE_TIME_TOKENCODE
Generated emergency access one time token code.
Administrator “{0}” generated emergency access one time token code for the token “{4}” managed in security domain “{5}”.
eventAdmin 20137 TRUSTED_USER_GROUP_ACCESS_HOURS_LINK_UNLINK
Link a Trusted User Group to a Time Restricted Access Hours
Administrator linked a trusted user group to a time restricted access hours
eventAdmin 20138 AM_LINK_SOFT_TOKEN_DEVICE_TYPE
Link Software Token with Software Token Device Type Definition
Administrator “{0}” attempted to link software token “{4}” managed in security domain “{5}” with software token device type definition “{8}” stored in system
eventAdmin 20139 AM_UNLINK_SOFT_TOKEN_DEVICE_TYPE
Unlink Software Token from Software Token Device Type Definition
Administrator “{0}” attempted to unlink software token “{4}” managed in security domain “{5}” with software token device type definition “{8}” stored in system
eventAdmin 20140 AM_TURN_ON_EVENTTOKEN_DB_RECOVERY
Turn on the database recovery mode for event-based tokens
Administrator “{0}” attempted to turn on event token database recovery mode
eventAdmin 20141 AM_TURN_OFF_EVENTTOKEN_DB_RECOVERY
Turn off the database recovery mode for event-based tokens
Administrator “{0}” attempted to turn off event token database recovery mode
eventAdmin 20142 AM_RADIUS_ATTRDEF_CREATE
Create new RADIUS Attribute Definition
Administrator “{0}” attempted to create a new RADIUS Attribute Definition
eventAdmin 20143 AM_RADIUS_ATTRDEF_UPDATE
Update a RADIUS Attribute Definition
Administrator “{0}” attempted to update a RADIUS Attribute Definition
eventAdmin 20144 AM_RADIUS_ATTRDEF_DELETE
Delete a RADIUS Attribute Definition
Administrator “{0}” attempted to delete a RADIUS Attribute Definition
eventAdmin 20145 AM_RADIUS_ATTRDEF_READ View RADIUS Attribute Definition
Administrator “{0}” attempted to view a RADIUS Attribute Definition
eventAdmin 20146 DISTRIBUTE_SOFT_TOKEN_CTKIP
Distribute Soft Token through CT-KIP
Administrator “{0}” attempted to distribute software token “{4}” through CT-KIP managed in security domain “{5}”
eventAdmin 20147 AM_ENABLE_PRINCIPAL_FOR_SMS
Enabled Principal for On-Demand Authentication
Administrator “{0}” attempted to enable principal “{4}” stored in identity source “{6}” managed in security domain “{5}” for On-Demand Authentication
eventAdmin 20148 AM_DISABLE_PRINCIPAL_FOR_SMS
Disabled Principal for On-Demand Authentication
Administrator “{0}” attempted to disable principal “{4}” stored in identity source “{6}” managed in security domain “{5}” for On-Demand Authentication
eventAdmin 20149 AM_RADIUS_ATTRVAL_MANAGE
Manage RADIUS Attribute Values
Administrator “{0}” modified RADIUS Attribute Values for principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20150 AM_UPDATE_SMS_FOR_PRINCIPAL
Updated On-Demand Authentication Attributes for Principal
Administrator “{0}” attempted to update On-Demand Authentication for principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20151 MANAGE_SMS_AUTHENTICATOR
Manage On-Demand Authenticator
Administrator “{0}” attempted to manage On-Demand Authenticator for principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20152 MANAGE_SMS_PIN Update On-Demand PIN
Administrator “{0}” attempted to set On-Demand PIN for principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20153 IMPORT_SOFT_TOKEN_DEVICE_TYPE
Import Software Token Device Definition
Administrator “{0}” attempted to import new software token device definition package file
eventAdmin 20154 AM61_MIGRATED_LOG_MESSAGE
AM61 Migrated log message
AM61 Migrated log message
eventAdmin 20155 MANAGE_PUK_LOOKUP Manage Pin Unlock Key (PUK)
Administrator “{0}” attempted to lookup PUK data for token “{4}” managed in security domain “{5}”
eventAdmin 20156 AM_TOKEN_ATTRDEF_CREATE
Create new Token Attribute Definition
Administrator “{0}” attempted to create a new Token Attribute Definition
eventAdmin 20157 AM_TOKEN_ATTRDEF_UPDATE
Update a Token Attribute Definition
Administrator “{0}” attempted to update a Token Attribute Definition
eventAdmin 20158 AM_TOKEN_ATTRDEF_DELETE
Delete a Token Attribute Definition
Administrator “{0}” attempted to delete a Token Attribute Definition
eventAdmin 20159 AM_TOKEN_ATTRDEF_READ View Token Attribute Definition
Administrator “{0}” attempted to view a Token Attribute Definition
eventAdmin 20160 REALM_SETTINGS_CREATE Create Realm Settings
Administrator “{0}” attempted to create Realm Settings for security domain “{5}”
eventAdmin 20161 REALM_SETTINGS_DELETE Delete Realm Settings
Administrator “{0}” attempted to delete Realm Settings for security domain “{5}”
eventAdmin 20162 REALM_SETTINGS_UPDATE Update Realm Settings
Administrator “{0}” attempted to update Realm Settings “{11}” for security domain “{5}”
eventAdmin 20163 REALM_SETTINGS_READ Lookup Realm Settings
Administrator “{0}” attempted to look up Realm Settings for security domain “{5}”
eventAdmin 20164 AM_RADIUS_CREATE_CLIENT
Create RADIUS Client
Administrator “{0}” attempted to create RADIUS client “{4}” stored in managed in security domain “{5}”
eventAdmin 20165 AM_RADIUS_VIEW_CLIENT View RADIUS Client
Administrator “{0}” attempted to view RADIUS client “{4}” stored in managed in security domain “{5}”
eventAdmin 20166 AM_RADIUS_UPDATE_CLIENT
Update RADIUS Client
Administrator “{0}” attempted to update RADIUS client “{4}” managed in security domain “{5}”
eventAdmin 20167 AM_RADIUS_DELETE_CLIENT
Delete RADIUS Client
Administrator “{0}” attempted to delete RADIUS client “{4}” managed in security domain “{5}”
eventAdmin 20168 AM_RADIUS_CREATE_PROFILE
Create RADIUS Profile
Administrator “{0}” attempted to create RADIUS profile “{4}” managed in security domain “{5}”
eventAdmin 20169 AM_RADIUS_VIEW_PROFILE View RADIUS Profile
Administrator “{0}” attempted to view RADIUS profile “{4}” managed in security domain “{5}”
eventAdmin 20170 AM_RADIUS_UPDATE_PROFILE
Update RADIUS Profile
Administrator “{0}” attempted to update RADIUS profile “{4}” managed in security domain “{5}”
eventAdmin 20171 AM_RADIUS_DELETE_PROFILE
Delete RADIUS Profile
Administrator “{0}” attempted to delete RADIUS profile “{4}” managed in security domain “{5}”
eventAdmin 20172 AM_RADIUS_CREATE_SERVER
Create RADIUS Server
Administrator “{0}” attempted to create RADIUS server “{4}” managed in security domain “{5}”
eventAdmin 20173 AM_RADIUS_VIEW_SERVER View RADIUS Server
Administrator “{0}” attempted to view RADIUS server “{4}” managed in security domain “{5}”
eventAdmin 20174 AM_RADIUS_UPDATE_SERVER
Update RADIUS Server
Administrator “{0}” attempted to update RADIUS server “{4}” managed in security domain “{5}”
eventAdmin 20175 AM_RADIUS_DELETE_SERVER
Delete RADIUS Server
Administrator “{0}” attempted to delete RADIUS server “{4}” managed in security domain “{5}”
eventAdmin 20176 AM_RADIUS_CREATE_POLICY
Create RADIUS Realm Settings
Administrator “{0}” attempted to create RADIUS Realm settings “{4}” managed in security domain “{5}”
eventAdmin 20177 AM_RADIUS_VIEW_POLICY View RADIUS Realm Settings
Administrator “{0}” attempted to view RADIUS Realm settings “{4}” managed in security domain “{5}”
eventAdmin 20178 AM_RADIUS_UPDATE_POLICY
Update RADIUS Realm Settings
Administrator “{0}” attempted to update RADIUS Realm settings “{4}” managed in security domain “{5}”
eventAdmin 20179 AM_RADIUS_DELETE_POLICY
Delete RADIUS Realm settings
Administrator “{0}” attempted to delete RADIUS Realm settings “{4}” managed in security domain “{5}”
eventAdmin 20180 AM_RADIUS_LINK_PROFILE_AGENT
Assign RADIUS Profile to Agent
Administrator “{0}” attempted to assign RADIUS profile “{4}” to Agent “{8}” managed in security domain “{5}”
eventAdmin 20181 AM_RADIUS_LINK_PROFILE_PRINCIPAL
Assign RADIUS Profile to Principal
Administrator “{0}” attempted to assign RADIUS profile “{4}” to Principal “{8}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20182 AM_RADIUS_UNLINK_PROFILE_AGENT
Unassign RADIUS Profile from Agent
Administrator “{0}” attempted to unassign RADIUS profile from Agent “{4}” managed in security domain “{5}”
eventAdmin 20183 AM_RADIUS_UNLINK_PROFILE_PRINCIPAL
Unassign RADIUS Profile from Principal
Administrator “{0}” attempted to unassign RADIUS profile from Principal “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20184 AM_RADIUS_REPLICATION_PUBLISH
Initiate RADIUS Replication
Administrator “{0}” attempted to initiate replication of RADIUS data in security domain “{5}”
eventAdmin 20185 AM_RADIUS_REPLICATION_NOTIFY
Notify Server for RADIUS Replication
Administrator “{0}” attempted to initiate RADIUS replication in security domain “{5}”
eventAdmin 20186 AM_RADIUS_LINK_PROFILE_PRINCIPAL_ALIAS
Assign RADIUS Profile to Principal Alias
Administrator “{0}” attempted to assign RADIUS profile “{4}” to Principal “{8}” Alias “{11}” stored in identity source “{6}” managed in security domain “{5}”
eventAdmin 20187 AM_RADIUS_UNLINK_PROFILE_PRINCIPAL_ALIAS
Unassign RADIUS Profile from Principal Alias
Administrator “{0}” attempted to unassign RADIUS profile from Principal “{4}” Alias “{11}” managed in security domain “{5}”
eventAdmin 20188 AM_ON_DEMAND_CONFIGURATION_UPDATE
Update On-Demand Configuration
Administrator “{0}” attempted to update On-Demand configuration in realm “{5}”
eventAdmin 20189 AM_ACTIVITY_MONITOR_READ
Read Activity Monitor
Administrator “{0}” attempted to read activity monitor
eventAdmin 20190 TRANSMIT_TEST_TXT_MSG_SMS
Test SMS Provider Integration
Attempted to transmit text message to “{4}” to test integration with provider “{11}”
eventAdmin 20191 RESYNC_AM_TOKEN Resynchronize Token
Administrator “{0}” attempted to resynchronize token “{4}” managed in security domain “{5}”
eventAdmin 20192 AM_APS_AUTO_REG_ENABLED
Enable Agent Auto-registration
Administrator “{0}” enabled Agent Auto-registration
eventAdmin 20193 AM_APS_AUTO_REG_DEFAULT_REALM
Agent Auto-registratrion Default Realm
Administrator “{0}” updated Agent Auto-registration's Default Realm
eventAdmin 20194 AM_APS_AUTO_REG_PROTOCOL
Agent Auto-registratrion Protocol
Administrator “{0}” updated Agent Auto-registratrion Protocol
eventAdmin 20195 AM_APS_AUTO_REG_SVC_NAME
Agent Auto-registratrion Service name
Administrator “{0}” updated Agent Auto-registratrion Service name
eventAdmin 20196 AM_APS_AUTO_REG_PORT_NUMBER
Agent Auto-registratrion port number
Administrator “{0}” updated Agent Auto-registration port number
eventAdmin 20197 AM_EAP32_PEPPER_MIN EAP32 minimun pepper length
Administrator “{0}” updated EAP32 minimum pepper length
eventAdmin 20198 AM_EAP32_PEPPER_MAX EAP32 maximum pepper length
Administrator “{0}” updated EAP32 maximum pepper length
eventAdmin 20199 AM_EAP32_PEPPER_LIFETIME
EAP32 pepper lifetime
Administrator “{0}” updated EAP32 pepper lifetime
eventAdmin 20200 AM_EAP32_PEPPER_REFRESH EAP32 pepper refresh interval
Administrator “{0}” updated EAP32 pepper refresh interval
eventAdmin 20201 AM_EAP32_ITERATION_COUNT_MIN
EAP32 minimum iteration count
Administrator “{0}” updated EAP32 minimum iteration count
eventAdmin 20202 AM_EAP32_ITERATION_COUNT_MAX
EAP32 maximum iteration count
Administrator “{0}” updated EAP32 maximum iteration count
eventAdmin 20203 AM_EVENT_TOKEN_DB_RECOVERY_START_ON
Event Token db recovery start on
Administrator “{0}” updated Event Token db recovery starton date
eventAdmin 20204 AM_EVENT_TOKEN_DB_RECOVERY_ENABLED
Enable Event Token db recovery
Administrator “{0}” enabled Event Token db recovery
eventAdmin 20205 AM_EVENT_TOKEN_DB_RECOVERY_END_ON
Event Token db recovery end on
Administrator “{0}” updated Event Token db recovery endon date
eventAdmin 20206 AM_CTKIP_SERVICE_SERVER_URL
CTKIP Service Server URL
Administrator “{0}” updated CTKIP Service Server URL
eventAdmin 20207 AM_CTKIP_SERVICE_SERVER_ADDRESS
CTKIP Service Server address
Administrator “{0}” updated CTKIP Service Server address
eventAdmin 20208 AM_OFFLINE_AUTH_SVC_PROTOCOL
Offline Auth Service protocol
Administrator “{0}” updated Offline Auth Service protocol
eventAdmin 20209 AM_OFFLINE_AUTH_PORT_NUMBER
Offline Auth Port number
Administrator “{0}” updated Offline Auth Port number
eventAdmin 20210 AM_OFFLINE_AUTH_SVC_NAME
Offline Auth Service name
Administrator “{0}” updated Offline Auth Service name
eventAdmin 20211 AM_APS_AUTH_SVC_PROTOCOL
APS Authentication service protocol
Administrator “{0}” updated Authentication service protocol
eventAdmin 20212 AM_APS_PORT_NUMBER APS Authentication port number
Administrator “{0}” updated Authentication port number
eventAdmin 20213 AM_APS_CLIENT_RESPONSE_DELAY
APS Authentication client response delay
Administrator “{0}” updated Authentication client response delay
eventAdmin 20214 AM_CONFIGURATION_UPDATE_FAILED
Failed to update AM configuration
Administrator “{0}” failed to update AM configuration
eventAdmin 20215 AM_APS_AUTO_REG_DISABLED
Disable Agent Auto-registration
Administrator “{0}” disabled Agent Auto-registration
eventAdmin 20216 AM_EVENT_TOKEN_DB_RECOVERY_DISABLED
Disable Event Token db recovery
Administrator “{0}” disabled Event Token db recovery
eventAdmin 20217 ACTIVATE_BCO Activate Business Continuity
Administrator “{0}” attempted to activate business continuity “{4}” managed in security domain “{5}”
eventAdmin 20218 MANAGE_NTLM2UPN_MAPPINGS
Manage NTLM2UPN mappings
Administrator “{0}” attempted to manage(add/delete/update) NTLM2UPN mappings
eventAdmin 20219 DOWNLOADED_EA_ONE_TIME_TOKENCODE_TO_FILE
File Download
Downloaded Generated emergency access one time token code for the token “{4}” to file.
eventAdmin 20220 TRUSTED_USER_GROUP_REMOTE_PRINCIPAL_UNLINK
Unlink a Trusted User Group to a Trusted User
Administrator “{0}” attempted to unlink trusted user “{4}” stored in identity source “{6}” managed in security domain “{5}” with trusted user group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin 20221 TRUSTED_USER_GROUP_AGENT_LINK
Link a Trusted User Group to an Agent
Administrator “{0}” attempted to link agent “{4}” managed in security domain “{5}” with trusted user group “{8}” stored in identity source “{10}” managed in security domain “{9}”
eventAdmin 20222 MANAGE_PUK_IGNORE Manage Pin Unlock Key (PUK)
Administrator “{0}” attempted to import PUK data for token “{4}” managed in security domain “{5}” but a record already exists.
eventAdmin 20223 MANAGE_PUK_REPLACE Manage Pin Unlock Key (PUK)
Administrator “{0}” attempted to replace PUK data for token “{4}” managed in security domain “{5}”
eventAdmin 20224 MANAGE_PUK_IMPORT Manage Pin Unlock Key (PUK)
Administrator “{0}” attempted to import PUK data for token “{4}” managed in security domain “{5}”
eventAdmin 20225 DEACTIVATE_BCO Deactivate Business Continuity
Business Continuity Option “{4}” expired in Security Domain “{5}”
eventAdmin 20226 PIN_UNBLOCK Pin Unblock
Administrator “{0}” attempted to perform pin unblock for token “{4}”
eventAdmin 20231 AUTHMGR_CTKIP_AUTHCODE_UPDATE
Update CTKIP Authcode
Administrator “{0}” attempted to update CTKIP authcode “{4}” managed in security domain “{5}”
eventAdmin 20230 CREATE_BACKUP_ATTEMPT Create Backup Attempt
Administrator “{0}” attempted to create a backup.
eventAdmin 20227 CREATE_BACKUP Create Backup
Administrator “{0}” created a backup.
eventAdmin 20234 AM_EAP32_SESSION_RESUMPTION_ENABLED
Enable EAP-POTP session resumption
Administrator “{0}” enabled EAP-POTP session resumption
eventAdmin 20235 AM_EAP32_SESSION_RESUMPTION_DISABLED
Disable EAP-POTP session resumption
Administrator “{0}” disabled EAP-POTP session resumption
eventAdmin 20236 AM_PERIODIC_RADIUS_REPLICATION_ENABLED
Enabled periodic RADIUS Replication
Administrator “{0}” enabled periodic RADIUS Replication
eventAdmin 20237 AM_PERIODIC_RADIUS_REPLICATION_DISABLED
Disabled periodic RADIUS Replication
Administrator “{0}” disabled periodic RADIUS Replication
eventAdmin 20238 AM_GENERATE_REPLICA_PKG
Replica Package Generation
Administrator “{0}” attempted to generate replica package
eventAdmin 20239 EXPORT_DATA_TO_FILE Export Data to file
Administrator “{0}” attempted to export data to the file “{11}”.
eventAdmin 20240 GENERATE_EXPORT_SECURITY_PACKAGE
Generate Export Security Package
Administrator “{0}” attempted to generate and download export security package.
eventAdmin 20241 AM_START_REPLICA_ATTACH
Start Replica Attach
Administrator “{0}” attempted to start attaching the replica “{4}”
eventAdmin 20242 IMPORT_DATA_FROM_FILE Import Users and Tokens from file
Administrator “{0}” attempted to import users and tokens from the file “{11}”.
eventAdmin 20243 IMPORT_TOKEN_FROM_EXPORTED_DATA
Import Token from exported data
Administrator “{0}” attempted to import token “{4}” from exported data file.
eventAdmin 20244 IMPORT_USER_FROM_EXPORTED_DATA
Import User from exported data
Administrator “{0}” attempted to import user “{4}” from exported data file.
eventAdmin 30001 UCM_REQUEST_CREATE Create a UCM Request
Administrator attempted to create ucm request
eventAdmin 30002 UCM_REQUEST_APPROVE Approve a UCM Request
Administrator attempted to approve a ucm request
eventAdmin 30003 UCM_REQUEST_DISTRIBUTE Distribute a UCM Request
Administrator attempted to distribute a ucm request
eventAdmin 30004 UCM_REQUEST_REJECT Reject a UCM Request
Administrator attempted to reject a ucm request
eventAdmin 30005 UCM_REQUEST_CANCEL Cancel a UCM Request
Administrator attempted to cancel a ucm request
eventAdmin 30006 UCM_REQUEST_UPDATE Update a UCM Request
Administrator attempted to update a ucm request
eventAdmin 30007 UCM_TOKEN_PIN_CHANGE Change Token Pin through UCM
Administrator attempted to change token pin through UCM
eventAdmin 30008 UCM_MAIL_RESEND Resend Last Mail
Administrator attempted to resend the last mail
eventAdmin 30009 UCM_PIN_UNBLOCK Unblock Smart Card
User attempted to unblock smart card
eventAdmin 30010 UCM_RESET_PASSWORD Reset Password
User attempted to reset their password
eventAdmin 30011 UCM_RESYNC_TOKEN Resync Token
User attempted to resync their token
eventAdmin 30012 UCM_PLACE_TOKEN_EA_MODE
Place Token in EA Mode
User attempted to place token in EA mode
eventAdmin 30013 UCM_SMS_DELIVERY_CHANGE
Change SMS Delivery Option
User attempted to change SMS delivery options
eventAdmin 30014 UCM_UPDATE_USER_ATTRIBUTES
Update User Attributes
User attempted to update their attributes
eventAdmin 30015 UCM_CLEAR_RBA_DEVICES Clear RBA Devices
User attempted to clear their RBA devices
eventAdmin 30016 UCM_SEND_END_USER_NOTIFICATION
Send an End-User Notification
A notification has been sent to the user
eventAdmin 30017 UCM_UPDATE_USER_GROUPS
Update User Groups
User attempted to update their user groups
eventAdmin 30018 UCM_SET_REALM_PREFERENCES
Set Realm Preferences Actio
Admin attempted to set UCM realm preferences.
eventAdmin 30019 UCM_GET_REALM_PREFERENCES
Get Realm Preferences Action
Admin attempted to get UCM realm preferences.
eventAdmin 30020 UCM_UPDATE_SMART_CARD_CONFIG
Update UCM Smart Card Action
eventAdmin 30021 UPDATE_SHIPPING_ADDRESS_CONFIGURATION
update UCM Shipping Address Configuration Action Key.
eventAdmin 30022 UCM_IDENTITY_SOURCE_UPDATE
update UCM Identity Source System Action Key.
eventAdmin 30023 UCM_SECURITY_DOMAIN_UPDATE
update UCM security Domain System Action Key.
eventAdmin 30024 UCM_USER_PROFILE_UPDATE
update UCM User Profile System Action Key.
eventAdmin 30025 UCM_USER_GROUP_UPDATE update UCM User Group System Action Key.
eventAdmin 30026 UCM_MAIL_NOTIFICATION_TEMPLATE_UPDATE
update UCM mail notification template Action Key.
eventAdmin 30027 UCM_AUTHENTICATION_CONFIGURATION_UPDATE
update UCM authentication configuration Action Key.
eventAdmin 30028 UCM_SELFSERVICE_OPERATION_MAPPING_UPDATE
update UCM workflow definition Action Key.
eventAdmin 30029 UCM_USER_GROUP_RETRIEVE
Retrieve UCM User Group System Action Key.
eventAdmin 30030 UCM_SECURITY_DOMAIN_RETRIEVE
Retrieve UCM security Domain System Action Key.
eventAdmin 30031 UCM_IDENTITY_SOURCE_RETRIEVE
Retrieve UCM Identity Source System Action Key.
eventAdmin 30032 UCM_USER_PROFILE_RETRIEVE
Retrieve UCM User Profile System Action Key.
eventAdmin 30033 SHIPPING_ADDRESS_CONFIGURATION_RETRIEVE
Retrieve Shipping Address Configuration Action Key.
eventAdmin 30034 UCM_REQUEST_RETRIEVE Retrieve a UCM Request.
eventAdmin 30035 UCM_WORKITEM_COMPLETE Create a UCM Request.
eventAdmin 30036 UCM_SEARCH_REQUESTS_BY_ATTRIBUTE
Search Requests by Attribute Action Key
eventAdmin 30037 UCM_COMPLETE_WORKFLOW_REQUEST
Complete Workflow Request Action Key
eventAdmin 30038 UCM_GET_WORKFLOWS Get Workflows Action Key
eventAdmin 30039 UCM_GET_WORKFLOW_REQUESTS
Get Workflows Requests Action Key
eventAdmin 30040 UCM_GET_WORKFLOW_REQUEST_ACTIONS
Get Workflows Request Actions Action Key
eventAdmin 30041 UCM_GET_WORKFLOW_PROCESSES
Get Workflow Processes Action Key
eventAdmin 30042 UCM_UPDATE_WORKFLOW_REQUEST
Update Workflow Request Action Key
eventAdmin 30043 UCM_MAIL_NOTIFICATION_TEMPLATE_ADD
Add UCM mail notification template Action Key.
eventAdmin 30044 UCM_PROCESS_DEFINITON_UPDATE
Update UCM process definition Action Key.
eventAdmin 30045 UCM_SHIPPING_ADDRESS_UPDATE
update UCM Shipping Address Attribute Definition System Action Key.
eventAdmin 30046 UCM_PROCESS_DEFINITON_RETRIEVE
Retrieve UCM process definition Action Key.
eventAdmin 30047 UCM_RETRIEVE_CONFIGURATION
Retrieve UCM configuration Action Key.
eventAdmin 30048 UCM_REQUEST_AUTO_APPROVE
Auto-approve a Self-Service Request
eventAdmin 30049 UCM_ACTIVATE_TOKEN Activate Token
eventAdmin 30050 UCM_ACTIVATE_REPLACEMENT_TOKEN
Activate Replacement Token
eventAdmin 30051 UCM_ASSIGN_REPLACEMENT_TOKEN
Assign Replacement Token
eventAdmin 30052 UCM_CHANGE_SMS_PIN Change SMS Pin
eventAdmin 30053 UCM_ASSIGN_SMS_TOKEN Assign On-Demand Token
eventAdmin 30054 UCM_ASSIGN_TOKEN Assign Token
eventAuthn 13001 AUTHN_LOGOUT_EVENT Principal session logout
User “{0}” attempted to log out of security domain “{1}” in identity source “{2}”
eventAuthn 13002 AUTHN_LOGIN_EVENT Principal authentication
User “{0}” attempted to authenticate using authenticator “{6}”. The user belongs to security domain “{1}”
eventAuthn 13003 AUTHN_LOCKOUT_EVENT Principal lockout
User “{0}” from security domain “{1}” in identity source “{2}” is locked out
eventAuthn 13004 ADD_DEVICE_BINDING Register new device for principal
A new device was saved to the RBA device history for user “{0}” from security domain “{1}” in identity source “{2}”.
eventAuthn 13005 OC_ADMIN_LOGOUT_EVENT OC Admin session logout
Operations Console admin “{0}” attempted to log out of Operations Console
eventAuthn 13006 OC_ADMIN_LOGIN_EVENT OC Admin authentication
Operations Console admin “{0}” attempted to authenticate to Operations Console
eventAuthn 13007 PROXY_LOGIN_EVENT Authentication request
The authentication request was routed through “{9}”.
eventAuthn 13008 DEVICE_ELEMENTS_NOT_BOUND
Device elements not bound for principal
User “{0}” from security domain “{1}” in identity source “{2}” must provide an identity confirmation before he can achieve a higher assurance level for this device. If the user has not already configured an identity confirmation method then you may need to take action.
eventAuthn 23001 AUTH_UDP_PACKET_PROCESSING
Authentication packet processing
Processing authentication packet from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23002 AUTH_UNSUPPORTED_PROTOCOL
Received unsupported request
Received unsupported request from agent “{3}” with IP address “{4}” in security domain “{5}”. Request type: “{18}”
eventAuthn 23003 AUTH_LOG_REQUEST Authentication log request
Log request received from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23004 AUTH_AGENT_ACCESS_CHECK
Authentication agent access check
Verifying user “{0}” in security domain “{1}” from identity source “{2}” is allowed access to agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23005 AUTH_NODE_VERIFICATION Node secret verification
Verifying node secret for the agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23006 AUTH_NODE_SECRET_SENT Node secret sent
Node secret sent to agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23007 AUTH_SECONDARY_SEGMENT_PROCESSING_FAILURE
Secondary segment processing failed
Unable to process secondary segments for request from agent “{3}” with IP address “{4}” in security domain “{5}”. Secondary segment request will be ignored
eventAuthn 23008 AUTH_PRINCIPAL_RESOLUTION
Resolve principal by userid/alias
Attempting to resolve user by userid or alias “{0}”. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23009 AUTH_SESSION_OPEATION_FAILURE
Session operation failure
Session operation failure processing request from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23010 AUTH_NEW_PIN_CANCELLED
New pin cancelled for user
New pin cancelled for user“{0}”. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23011 CREATE_AM_TOKEN Create Token
Administrator “{0}” attempted to create token “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAuthn 23012 UPDATE_AM_TOKEN Update Token
Administrator “{0}” attempted to update token “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAuthn 23013 DELETE_AM_TOKEN Delete Token
Administrator “{0}” attempted to delete token “{4}” stored in identity source “{6}” managed in security domain “{5}”
eventAuthn 23014 AUTHMGR_TOKEN_STAT_SEARCH
Token Statistics Search
Administrator “{0}” attempted to search for token statistics
eventAuthn 23015 OFFLINE_LOGIN_EVENT Offline Login Event
Offline authentication attempted by user “{0}” on agent “{3}” using token with serial number “{8}” at “{10}”
eventAuthn 23016 OA_DATA_DOWNLOAD Offline Authentication Data Download
Offline authentication data download requested by user “{0}” from agent “{3}” using token “{8}”
eventAuthn 23017 OA_DATA_DOWNLOAD_FAILED
Offline Authentication Data Download Failed
Offline authentication data download requested by user “{0}” from agent “{3}” using token “{8}” failed with error message “{9}”
eventAuthn 23018 OA_WINDOWS_PASSWORD_UPDATE
Windows Password Updated
Windows password updated for user “{0}”
eventAuthn 23019 OA_DOMAIN_SECRET_UPDATE
Domain Secret Updated
Domain secret updated for agent “{3}”
eventAuthn 23020 AUTHMGR_NEW_PIN_ACTIVATED
New pin mode activated for token
New pin mode activated for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23021 AUTHMGR_NEXT_TOKENCODE_ACTIVATED
Next tokencode mode activated for token
Next tokencode mode activated for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23022 AUTHMGR_TOKEN_REPLACEMENT_ORIGINAL_DELETED
Token replaced original token deleted
eventAuthn 23023 AUTHMGR_TOKEN_REPLACEMENT_ORIGINAL_UNASSIGNED
Token replaced original token unassigned
eventAuthn 23024 AUTHMGR_PASSCODE_REUSE
Authentication attempted
Passcode reuse or previous token code detected for user “{0}” in security domain “{1}” from “{2}” identity source. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}” with protocol version “{2}”. Authentication method: “{6}” ; Authentication policy exp: “{7}”
eventAuthn 23025 AUTHMGR_SID_METHOD_INFO
SID method SID method
eventAuthn 23026 AUTHMGR_PIN_CHANGE PIN change attempted
User “{0}” in security domain “{1}” from identity source “{2}” attempted to change pin for token serial number “{16}”
eventAuthn 23027 AUTHMGR_FIXED_PASSCODE_CHANGE
Fixed passcode change
Administrator “{0}” attempted to change fixed passcode
eventAuthn 23028 AUTH_AGENT_LOOKUP Lookup Authentication agent
Lookup authentication agent by IP address “{4}”
eventAuthn 23029 AGENT_AUTO_REG_START Agent auto-registration request
Received an agent auto-registration request from IP address “{4}”
eventAuthn 23030 AUTO_REG_NEW_AGENT New authentication agent was registered with Authentication Manager
New authentication agent “{3}” with primary IP address “{4}” was registered with Authentication Manager in Security Domain “{5}”
eventAuthn 23031 AUTOREG_GET_SECURITY_DOMAIN
Getting Security Domain for agent auto-registration
Getting Security Domain for agent “{3}” with primary IP address “{4}” for auto-registration. Agent Security Domain is “{5}”
eventAuthn 23032 AUTO_REG_DUPLICATE_IP Found another agent with the same IP address while trying to auto-register an agent
Found another agent “{8}” with the same IP address “{4}” while trying to auto-register agent “{3}”
eventAuthn 23033 AUTOREG_UPDATE_AGENT Updated agent with the new IP address
Updated agent “{3}” with the new IP address “{4}” in Security Domain “{5}”
eventAuthn 23034 AUTOREG_UNASSIGN_IP While updating an agent
found another agent with the same IP address. Unassigning IP address
eventAuthn 23035 AUTO_REG_DUPLICATE_AGENT
Registering new agent. Found agent with the same name
Registering new agent “{3}” in Security Domain “{5}”. Found agent with the same name and IP address “{4}”
eventAuthn 23036 AUTOREG_VERIFY_NODESECRET
Agent node secret verification
Verifying node secret for the agent “{3}” with IP address “{4}” in Security Domain “{5}”
eventAuthn 23037 AUTOREG_AGENT_NOT_FOUND
Trying to update IP address for an agent with node secret
but it does not exist
eventAuthn 23038 AUTOREG_DHCP_ERROR While registering an agent
found another agent with the same alias IP address
eventAuthn 23039 AUTOREG_CLEAR_NODESECRET
Agent node secret has been cleared
Cleared node secret for the agent “{3}” in Security Domain “{5}”
eventAuthn 23040 TR_H_AUTHMGR_PIN_CHANGE
Trusted Realm: PIN change attempted
User “{0}” in security domain “{1}” from identity source “{2}” in trusted realm “{13}” attempted to change pin for token serial number “{16}”
eventAuthn 23041 TR_H_AUTHMGR_PASSCODE_REUSE
Trusted Realm authentication attempted
Passcode reuse or previous token code detected for user “{0}” in security domain “{1}” from “{2}” identity source. Request originated from trusted realm “{13}” with agent “{3}” with IP address “{4}” in security domain “{5}” with protocol version “{2}”. Authentication method: “{6}” ; Authentication policy exp: “{7}”
eventAuthn 23042 TR_H_AUTHN_LOGIN_EVENT Trusted Realm Authentication
User “{0}” attempted to authenticate using authenticator “{6}” from Trusted Realm “{13}”. The user belongs to Security Domain “{1}”
eventAuthn 23043 TR_R_AUTHN_LOGIN_EVENT Trusted Realm Authentication Requested
Trusted user “{0}” attempted to authenticate using authenticator “{8}” at trusted realm “{9}”. The user belongs to Security Domain “{1}”
eventAuthn 23044 TR_R_AUTHMGR_NEXT_TOKENCODE_ACTIVATED
Trusted Realm Authentication Request activated next tokencode mode for token
Next tokencode mode activated for token serial number “{11}” assigned to user “{0}” in security domain “{1}” from the trusted realm “{8}”.
eventAuthn 23045 TR_R_AUTHMGR_PIN_CHANGE
Trusted Realm new PIN created by user
User “{0}” in security domain “{1}” from the trusted realm “{9}” created new pin for token serial number “{10}”.
eventAuthn 23046 TR_H_AUTHMGR_NEW_PIN_ACTIVATED
Trusted Realm: New pin mode activated for token
New pin mode activated for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source. Request received from trusted realm “{13}”
eventAuthn 23047 TR_H_AUTHMGR_NEXT_TOKENCODE_ACTIVATED
Trusted Realm: Next tokencode mode activated for token
Next tokencode mode activated for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source. Request received from trusted realm “{13}”
eventAuthn 23048 TR_R_REMOTE_PRINCIPAL_DISCOVERED
Trusted User Discovered
The trusted user “{0}” was discovered in the trusted realm “{9}”.
eventAuthn 23049 TR_R_REMOTE_PRINCIPAL_NOT_DISCOVERED
Resolve user by User ID/alias/Trusted realm search
The user login “{0}” could not be discovered in the local realm or by searching configured trusted realms.
eventAuthn 23050 NO_MORE_OTT Login with One Time Tokencode Event
Token with serial number “{8}” does not have any more one time tokencodes associated with it.
eventAuthn 23051 TFT_EXPIRED Login with Temporary Fixed Tokencode Event
Fixed emergency access tokencode associated with token with serial number “{8}” has expired.
eventAuthn 23052 OTTS_EXPIRED Login with One Time Tokencode Event
One time emergency access tokencode set associated with token with serial number “{8}” has expired.
eventAuthn 23053 EAP32_SESSION_RESUME EAP-32 Authentication
User “{0}” attempted to resume the existing EAP-32 Session.
eventAuthn 23054 REMOTE_AUTH_PRINCIPAL_RESOLUTION
Resolve trusted user by userid
Attempting to resolve trusted user by userid “{0}”. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23055 AM61_MIGRATED_AUTHN_LOG_MESSAGE
AM61 Migrated log message
AM61 Migrated log message. Original message: “{8}”.
eventAuthn 23056 TR_R_REALM_DISABLED Trusted Realm Disabled
The Trusted Realm “{9}” has rejected the connection.
eventAuthn 23057 TR_R_LOCAL_REALM_DISABLED
Trusted Realm Disabled
The Trusted Realm “{9}” is disabled.
eventAuthn 23058 NTLM_MAPPING_NOT_FOUND
NTLM mapping not found
There is no NTLM mapping for “{8}”.
eventAuthn 23059 FAILED_TO_LOOKUP_NTLM_MAPPINGS
Failed to lookup NTLM mapping
Could not lookup NTLM mapping for “{8}”.
eventAuthn 23060 EAP32_AUTH EAP-32 Authentication
User “{0}” attempted EAP-32 authentication
eventAuthn 23061 EAP32_NEW_PEPPER EAP-32 Authentication
User “{0}” received new EAP-32 Pepper
eventAuthn 23062 TOKEN_EXPIRED Token Expired Token serial number “{16}” assigned to user “{0}” in security domain “{1}” from identity source “{2}” is expired
eventAuthn 23063 AUTH_AGENT_LOG_REQUEST_SUCCESS
Agent log request TACACS login succeeded with TACACS password on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23064 AUTH_AGENT_LOG_REQUEST_FAIL
Agent log request TACACS login failed with TACACS password on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23065 AUTH_AGENT_ENABLE_REQUEST
Agent log enable request
TACACS enable attempt on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23066 AUTHMGR_SMS_PIN_CHANGE
PIN change attempted for On-Demand Tokencode Service
User “{0}” in security domain “{1}” from identity source “{2}” attempted to change pin for On-Demand Tokencode Service
eventAuthn 23067 AUTHMGR_SMS_PASSCODE_REUSE
Authentication attempted
Passcode reuse or previous token code detected for user “{0}” in security domain “{1}” from “{2}” identity source. Request originated from agent “{3}” with IP address “{4}” in security domain “{5}” with protocol version “{2}”. Authentication method: “{6}” ; Authentication policy exp: “{7}”
eventAuthn 23068 AUTHMGR_SMS_NEW_PIN_ACTIVATED
New pin mode activated for On-Demand Tokencode Service
New pin mode activated for On-Demand Tokencode Service for user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23069 AUTH_AGENT_TRUSTED_USER_ACCESS_CHECK
Authentication agent access check
Verifying trusted user “{0}” in security domain “{1}” from identity source “{2}” is allowed access to agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23070 AUTOREG_UPDATE_FAILED Agent update failed
Auto-registration update for the agent “{3}” with IP address “{4}” in Security Domain “{5}”
eventAuthn 23071 AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
Authentication attempted
Bad tokencode ; but good PIN detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23072 AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
Authentication attempted
Bad PIN ; but good tokencode detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23073 AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
Authentication attempted
Bad PIN ; but previous tokencode detected for token serial number “{16}” assigned to user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23074 TR_R_AUTHMGR_NTC_ACCEPTED
Trusted realm next token code accepted
Next tokencode mode accepted for token serial number “{11}” assigned to user “{0}” in security domain “{1}” from the trusted realm “{8}”.
eventAuthn 23075 AUTH_AGENT_ENABLE_SUCCESS
Agent log request TACACS enable succeeded on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23076 AUTH_AGENT_ENABLE_FAILED
Agent log request TACACS enable not authorized on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23077 AUTH_AGENT_ARA_LOGIN Agent log request TACACS ARA Login (No SecurID) on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23078 AUTH_AGENT_CHAP_LOGIN Agent log request TACACS CHAP Login (No SecurID) on agent “{3}” with IP address “{4}” in security domain “{5}”
eventAuthn 23079 AUTHN_ARTIFACT_VALIDATION
Authentication artifact validation
Authentication artifact validation on agent “{3}” with IP address “{4}” in security domain “{5}” for user “{0}” in security domain “{1}” from “{2}” identity source
eventAuthn 23080 AUTH_AGENT_DOESNT_ACCEPT_SECURID
SecurID credential type not accepted
Received a SecurID credential ; which the agent is configured to not accept. Agent “{3}” with IP address “{4}” in security domain “{5}”.
eventAuthn 23081 AUTHN_ARTIFACT_GENERATION
Generate Authentication Artifact
Authentication artifact was generated for principal “{0}” stored in identity source “{2}” managed in security domain “{1}”
eventSystem 16001 LICENSE_INSTALL Install license Administrator “{0}” attempted to install license “{4}” for “{3}”
eventSystem 16002 LICENSE_REPLACEMENT Replace license Administrator “{0}” attempted to replace license “{5}” for “{3}” with license “{4}”
eventSystem 16003 LICENSE_UNINSTALL Uninstall license Administrator “{0}” attempted to uninstall license “{4}” for “{3}”
eventSystem 16004 LICENSE_CHECK Check license System attempted to check the license for product “{3}” “{4}” on instance “{5}”
eventSystem 16005 LICENSE_GET Retrieve license from the database
System attempted to retrieve a license from the database with filter “{3}”
eventSystem 16006 FEATURE_LICENSE_CHECK Check license for feature
System attempted to check the license for feature “{6}” of “{3}” “{4}” on instance “{5}”
eventSystem 16007 ARCHIVE_LOG Log archived Messages in log “{3}” archived from dates “{4}” through “{5}”
eventSystem 16008 PLUGIN_LOADED Load plug-in System attempted to load plug-in “{3}” from file “{4}”
eventSystem 16009 EXTENSION_LOADED Load extension point
System attempted to load extension point “{4}” from plug-in “{3}”
eventSystem 16010 SETUP_PRIMARY Setup primary Replication “{3}” “{4}” succeeded
eventSystem 16011 REMOVE_PRIMARY Remove primary Replication “{3}” “{4}” succeeded
eventSystem 16012 PROMOTE_PRIMARY Promote primary Replication “{3}” “{4}” succeeded
eventSystem 16013 ADD_REPLICA Add replica Replication “{3}” “{4}” succeeded
eventSystem 16014 REMOVE_REPLICA Remove replica Replication “{3}” “{4}” succeeded
eventSystem 16015 ATTACH_REPLICA Attach replica Replication “{3}” “{4}” succeeded
eventSystem 16016 SYNCHRONIZE_REPLICA Synchronize replica
Replication “{3}” “{4}” succeeded
eventSystem 16017 REGISTRY_TOPOLOGY_READ Read cluster topology
System attempted to retrieve the cluster topology
eventSystem 16018 REGISTRY_TOPOLOGY_WRITE
Update cluster topology
System attempted to update the cluster topology for instance “{3}”
eventSystem 16019 REGISTRY_INSTANCE_REGISTRATION
Register instance Administrator “{0}” attempted to register instance “{3}”
eventSystem 16020 REGISTRY_INSTANCE_UPDATE
Update instance Administrator “{0}” attempted to update instance “{3}”
eventSystem 16021 REGISTRY_INSTANCE_DEREGISTER
Deregister instance
Administrator “{0}” attempted to deregister instance with ID “{3}”
eventSystem 16022 REGISTRY_INSTANCE_LOOKUP
Look up instance Administrator “{0}” attempted to read an instance
eventSystem 16023 REGISTRY_COMPONENT_REGISTRATION
Register component
Administrator “{0}” attempted to register component “{4}” on instance “{3}”
eventSystem 16024 REGISTRY_COMPONENT_UPDATE
Update component
Administrator “{0}” attempted to update component “{4}” on instance “{3}”
eventSystem 16025 REGISTRY_COMPONENT_DEREGISTER
Deregister component
Administrator “{0}” attempted to deregister component “{4}” from instance “{3}”
eventSystem 16026 REGISTRY_COMPONENT_LOOKUP
Look up component
Administrator “{0}” attempted to read a component
eventSystem 16027 REGISTRY_PATCH_ADD Add component patch
Administrator “{0}” attempted to add patch “{5}” to component “{4}” on instance “{3}”
eventSystem 16028 REGISTRY_PATCH_REMOVE Remove component patch
Administrator “{0}” attempted to remove patch “{5}” from component “{4}” on instance “{3}”
eventSystem 16029 REGISTRY_CLUSTER_UPDATED
Cluster topology updated
Cluster topology for instance “{3}” has been updated
eventSystem 16030 REGISTRY_CLUSTER_UNCHANGED
Cluster topology unchanged
Cluster topology for instance “{3}” has not been changed
eventSystem 16031 REGISTRY_INITIALIZATION Initialize registry System attempted to initialize the registry
eventSystem 16032 DELETE_BATCH_JOB Delete batch job Administrator “{0}” attempted to delete batch job “{8}”
eventSystem 16033 EXECUTE_BATCH_JOB Execute batch job Administrator “{0}” attempted to execute batch job “{3}”: “{4}”
eventSystem 16034 READ_BATCH_JOB Read batch job Administrator “{0}” attempted to read batch job “{8}”
eventSystem 16035 READ_SCHEDULE_JOB Read scheduled job
Administrator “{0}” attempted to read scheduled job “{8}”
eventSystem 16036 ADD_BATCH_JOB Add batch job Administrator “{0}” attempted to add batch job “{8}”
eventSystem 16037 SCHEDULE_BATCH_JOB Schedule batch job
Administrator “{0}” attempted to schedule batch job “{8}”
eventSystem 16038 DELETE_SCHEDULE_JOB Delete scheduled job
Administrator “{0}” attempted to delete scheduled job “{8}”
eventSystem 16039 CANCEL_BATCH_JOB Cancel batch job Administrator “{0}” attempted to cancel batch job “{8}”
eventSystem 16040 CANCEL_SCHEDULE_JOB Cancel scheduled job
Administrator “{0}” attempted to cancel scheduled job “{8}”
eventSystem 16041 DELETE_AGED_JOB Delete aged job Administrator “{0}” attempted to delete aged job “{3}”
eventSystem 16042 EXECUTE_COMMAND Execute command
Administrator “{0}” attempted to execute command “{3}”
eventSystem 16043 CONDITION_EVALUATION Evaluate condition
Administrator “{0}” attempted to evaluate the expression “{3}”
eventSystem 16044 ACCESS_DATABASE Database access Database access attempted by system
eventSystem 16045 ACCESS_DIRECTORY Directory access Administrator “{0}” attempted to access directory “{3}”
eventSystem 16046 CREATE_REALM Create realm Administrator “{0}” attempted to create a realm
eventSystem 16047 DELETE_REALM Delete realm Administrator “{0}” attempted to delete a realm
eventSystem 16048 UPDATE_REALM Update realm Administrator “{0}” attempted to update a realm
eventSystem 16049 READ_REALM Read realm Administrator “{0}” attempted to read a realm
eventSystem 16050 CREATE_SECURITY_DOMAIN Create security domain
Administrator “{0}” attempted to create a security domain
eventSystem 16051 DELETE_SECURITY_DOMAIN Delete security domain
Administrator “{0}” attempted to delete a security domain
eventSystem 16052 UPDATE_SECURITY_DOMAIN Update security domain
Administrator “{0}” attempted to update a security domain
eventSystem 16053 READ_SECURITY_DOMAIN Read security domain
Administrator “{0}” attempted to read a security domain
eventSystem 16054 CREATE_IDENTITY_SOURCE Create identity source
Administrator “{0}” attempted to create an identity source “{3}”
eventSystem 16055 DELETE_IDENTITY_SOURCE Delete identity source
Administrator “{0}” attempted to delete an identity source “{3}”
eventSystem 16056 UPDATE_IDENTITY_SOURCE Update identity source
Administrator “{0}” attempted to update an identity source “{3}”
eventSystem 16057 READ_IDENTITY_SOURCE Read identity source
Administrator “{0}” attempted to read an identity source
eventSystem 16058 LINK_IDENTITY_SOURCES Link identity source
Administrator “{0}” attempted to associate an identity source with a realm
eventSystem 16059 UNLINK_IDENTITY_SOURCES Unlink identity source
Administrator “{0}” attempted to disassociate an identity source from a realm
eventSystem 16060 READ_AUTHENTICATORS Read authenticators
System attempted to read authenticators
eventSystem 16061 UPDATE_AUTHENTICATORS Update authenticators
Administrator “{0}” attempted to update authenticators
eventSystem 16062 CREATE_ATTRIBUTE Create attribute Administrator “{0}” attempted to create an attribute
eventSystem 16063 READ_ATTRIBUTE Read attribute Administrator “{0}” attempted to read an attribute definition
eventSystem 16064 UPDATE_ATTRIBUTE Update attribute Administrator “{0}” attempted to update an attribute
eventSystem 16065 DELETE_ATTRIBUTE Delete attribute Administrator “{0}” attempted to delete an attribute
eventSystem 16066 CREATE_ATTRIBUTE_MAPPING
Map attribute Administrator “{0}” attempted to map an attribute
eventSystem 16067 READ_ATTRIBUTE_MAPPING Read attribute mapping
Administrator “{0}” attempted to read mappings for an attribute definition
eventSystem 16068 DELETE_ATTRIBUTE_MAPPING
Delete attribute mapping
Administrator “{0}” attempted to delete mapping of an attribute
eventSystem 16069 CREATE_ADMIN_ROLE Create administrative role
Administrator “{0}” attempted to create an administrative role
eventSystem 16070 DELETE_ADMIN_ROLE Delete administrative role
Administrator “{0}” attempted to delete an administrative role
eventSystem 16071 READ_ADMIN_ROLE Read administrative role
Administrator “{0}” attempted to read an administrative role
eventSystem 16072 UPDATE_ADMIN_ROLE Update administrative role
Administrator “{0}” attempted to update an administrative role
eventSystem 16073 LINK_PRINCIPAL_ADMIN_ROLE
Associate principal with administrative role
Administrator “{0}” attempted to associate a principal with an administrative role
eventSystem 16074 UNLINK_PRINCIPAL_ADMIN_ROLE
Disassociate principal from administrative role
Administrator “{0}” attempted to disassociate a principal from an administrative role
eventSystem 16075 INITIALIZE_PERMISSIONS Initialize permissions
System attempted to load permission types from the database
eventSystem 16076 AUTHN_BROKER_INIT_EVENT
Initialize authentication broker
System attempted to initialize the authentication broker
eventSystem 16077 CREATE_PWD_POLICY Create password policy
Administrator “{0}” attempted to create a password policy
eventSystem 16078 DELETE_PWD_POLICY Delete password policy
Administrator “{0}” attempted to delete password policy “{4}”
eventSystem 16079 UPDATE_PWD_POLICY Update password policy
Administrator “{0}” attempted to update password policy “{4}”
eventSystem 16080 READ_PWD_POLICY Read password policy
Administrator “{0}” attempted to read password policy “{4}”
eventSystem 16081 CREATE_LOCKOUT_POLICY Create lockout policy
Administrator “{0}” attempted to create a lockout policy
eventSystem 16082 DELETE_LOCKOUT_POLICY Delete lockout policy
Administrator “{0}” attempted to delete lockout policy “{4}”
eventSystem 16083 UPDATE_LOCKOUT_POLICY Update lockout policy
Administrator “{0}” attempted to update lockout policy “{4}”
eventSystem 16084 READ_LOCKOUT_POLICY Read lockout policy
Administrator “{0}” attempted to read lockout policy “{4}”
eventSystem 16085 CREATE_AUTH_POLICY Create authentication policy
Administrator “{0}” attempted to create an authentication policy
eventSystem 16086 DELETE_AUTH_POLICY Delete authentication policy
Administrator “{0}” attempted to delete authentication policy “{4}”
eventSystem 16087 UPDATE_AUTH_POLICY Update authentication policy
Administrator “{0}” attempted to update authentication policy “{4}”
eventSystem 16088 READ_AUTH_POLICY Read authentication policy
Administrator “{0}” attempted to read authentication policy “{4}”
eventSystem 16089 DENIAL_OF_SERVICE Denial-of-service attack detected
Denial-of-service attack detected. Server received “{4}” failed authentications from user “{3}”
eventSystem 16090 READ_PWD_DIC Read password dictionary
System attempted to read the password dictionary
eventSystem 16091 DELETE_PWD_DIC Delete password dictionary
System attempted to delete the password dictionary
eventSystem 16092 UNLINK_SECURITY_DOMAIN_POLICIES
Unlink policies from security domain
Administrator “{0}” attempted to unlink policies from security domain “{3}”
eventSystem 16093 UNLINK_SECURITY_DOMAIN_AUTHN_POLICY
Unlink policies from security domain
Administrator “{0}” attempted to unlink the authentication policy from security domain “{3}”
eventSystem 16094 UNLINK_SECURITY_DOMAIN_PWD_POLICY
Unlink policies from security domain
Administrator “{0}” attempted to unlink the password policy from security domain “{3}”
eventSystem 16095 UNLINK_SECURITY_DOMAIN_LCK_POLICY
Unlink policies from security domain
Administrator “{0}” attempted to unlink the lockout policy from security domain “{3}”
eventSystem 16096 CREATE_GROUP Create group Administrator “{0}” attempted to create a group
eventSystem 16097 UPDATE_GROUP Update group Administrator “{0}” attempted to update a group
eventSystem 16098 UNREGISTER_GROUP Unregister group Administrator “{0}” attempted to unregister a group
eventSystem 16099 READ_GROUP Read group Administrator “{0}” attempted to read a group
eventSystem 16100 DELETE_GROUP Delete group Administrator “{0}” attempted to delete group “{4}” ; stored in an identity source
eventSystem 16101 LINK_GROUP_GROUP Associate group with group
Administrator “{0}” attempted to associate a group with another group
eventSystem 16102 UNLINK_GROUP_GROUP Disassociate group from group
Administrator “{0}” attempted to disassociate a group from another group
eventSystem 16103 LINK_GROUP_PRINCIPAL Associate group with principal
Administrator “{0}” attempted to associate a group with a principal
eventSystem 16104 UNLINK_GROUP_PRINCIPAL Disassociate group from principal
Administrator “{0}” attempted to disassociate a principal from a group
eventSystem 16105 CREATE_GROUP_PARTIAL_FAILURE
Create group with partial failure
Administrator “{0}” created group “{5}” in identity source “{3}”. Although the operation partially failed ; the group might still exist in the directory
eventSystem 16106 CREATE_PRINCIPAL Create principal Administrator “{0}” attempted to create a principal
eventSystem 16107 REGISTER_PRINCIPAL Register principal Administrator “{0}” attempted to register a principal: “{3}”
eventSystem 16108 UNREGISTER_PRINCIPAL Unregister principal
Administrator “{0}” attempted to unregister a principal
eventSystem 16109 DELETE_PRINCIPAL Delete principal Administrator “{0}” attempted to delete a principal
eventSystem 16110 UPDATE_PRINCIPAL Update principal Administrator “{0}” attempted to update a principal
eventSystem 16111 READ_PRINCIPAL Read principal Administrator “{0}” attempted to read a principal
eventSystem 16112 REMOVE_ORPHANED_PRINCIPALS
Clean up unresolvable users
Administrator “{0}” attempted to clean up unresolvable users
eventSystem 16113 CREATE_PRINCIPAL_PARTIAL_FAILURE
Create principal with partial failure
Administrator “{0}” created a user “{5}” in identity source “{3}”. Although the operation partially failed ; the user might still exist in the directory
eventSystem 16114 CREATE_PRINCIPAL_PREFERENCES
Assign console preferences to principal
Administrator “{0}” attempted to assign preferences to a principal
eventSystem 16115 DELETE_PRINCIPAL_PREFERENCES
Remove console preferences for principal
Administrator “{0}” attempted to remove preferences from a principal
eventSystem 16116 UPDATE_PRINCIPAL_PREFERENCES
Update console preferences for principal
Administrator “{0}” attempted to update preferences for a principal
eventSystem 16117 READ_PRINCIPAL_PREFERENCES
Read user preferences
Administrator “{0}” attempted to read the preferences of a user
eventSystem 16118 CREATE_REALM_PREFERENCES
Assign console preferences to realm
Administrator “{0}” attempted to assign preferences for a realm
eventSystem 16119 DELETE_REALM_PREFERENCES
Remove console preferences for realm
Administrator “{0}” attempted to remove preferences from a realm
eventSystem 16120 UPDATE_REALM_PREFERENCES
Update console preferences for realm
Administrator “{0}” attempted to change preferences for a realm
eventSystem 16121 READ_REALM_PREFERENCES Read console preferences for realm
Administrator “{0}” attempted to read preferences for a realm
eventSystem 16130 READ_SERVER_ACCESS_INFO Read server access info
System attempted to read server access info
eventSystem 16131 READ_REPORT_PROPERTY Read report property
System attempted to access a report property
eventSystem 16133 JMS_INIT Initialize JMS System attempted to initialize the JMS system
eventSystem 16134 JMS_HANDLE_EVENT Handle JMS event
System attempted to process a received JMS event from broadcast
eventSystem 16135 JMS_PUBLISH_EVENT Publish JMS event
System attempted to broadcast a JMS event for event consumers
eventSystem 16136 JMS_CLUSTERING_START Cache clustering startup
Cache JMS clustering system for cache instance “{3}” was initialized
eventSystem 16137 JMS_CLUSTERING_SHUTDOWN
Cache clustering shutdown
Cache JMS clustering system for cache instance “{3}” was shut down
eventSystem 16138 JMS_SEND_BATCH_NOTIFICATION
Cache notification event
Cache JMS clustering system for cache instance “{3}” sent a batch message notification
eventSystem 16139 JMS_CONTENTS_DOWNLOAD Cache contents download
System attempted to download cache contents for cache instance “{3}”
eventSystem 16140 JMS_SCHEDULE_DEFERRED_CONTENTS_DOWNLOAD
Schedule deferred cache contents download
System attempted to verify deferred cache contents download for cache instance “{3}”
eventSystem 16141 JMS_DEFERRED_CONTENTS_DOWNLOAD
Deferred cache contents download
System completed deferred cache contents download for cache instance “{3}”
eventSystem 16142 SESSION_ADD_CONFIGURATION
Add session configuration
Administrator “{0}” added session configuration information
eventSystem | 16143 | SESSION_READ_CONFIGURATION | Fetch session configuration | Administrator “{0}” fetched session configuration information
eventSystem | 16144 | SESSION_UPDATE_CONFIGURATION | Update session configuration | Administrator “{0}” updated session configuration information
eventSystem | 16145 | SESSION_DELETE_CONFIGURATION | Delete session configuration | Administrator “{0}” deleted session configuration information
eventSystem | 16146 | SESSION_SEARCH_CONFIGURATION | Search session configuration | Administrator “{0}” searched session configuration information
eventSystem | 16147 | SESSION_ADD_LIFETIME_CONFIGURATION | Add session lifetime | Administrator “{0}” added a session lifetime configuration named “{3}”
eventSystem | 16148 | SESSION_READ_LIFETIME_CONFIGURATION | Fetch session lifetime | Administrator “{0}” fetched a session lifetime configuration named “{3}”
eventSystem | 16149 | SESSION_UPDATE_LIFETIME_CONFIGURATION | Update session lifetime | Administrator “{0}” updated a session lifetime configuration named “{3}”
eventSystem | 16150 | SESSION_DELETE_LIFETIME_CONFIGURATION | Delete session lifetime | Administrator “{0}” deleted a session lifetime configuration named “{3}”
eventSystem | 16151 | SESSION_SEARCH_LIFETIME_CONFIGURATION | Search session lifetime | Administrator “{0}” searched session lifetime configurations
eventSystem | 16152 | SESSION_SEARCH_ACTIVE | Search active sessions | Administrator “{0}” searched active sessions
eventSystem | 16153 | CONF_READ | Read configuration | Administrator “{0}” read configuration data for scope “{3}” ; section “{4}”
eventSystem | 16154 | CONF_METADATA_INSTALLED | Install congfiguration metadata | Administrator “{0}” installed configuration metadata for scope “{4}” ; parameter “{3}”
eventSystem | 16155 | CONF_METADATA_REMOVED | Remove congfiguration metadata | Administrator “{0}” removed configuration metadata for scope “{3}” ; section “{4}”
eventSystem | 16156 | CONF_METADATA_CHANGED | Change configuration metadata | Administrator “{0}” changed configuration metadata for scope “{4}” ; parameter “{3}”. “{6}”
eventSystem | 16157 | CONF_VALUE_ADDED | Add configuration | Administrator “{0}” added configuration parameter “{3}” for scope “{4}” ; value “{5}”. {6}
eventSystem | 16158 | CONN_POOL_GET_CONNECTION | Retrieve connection | System attempted to retrieve connection for “{3}”
eventSystem | 16159 | CONN_POOL_FAILOVER | Primary connection pool failed | Primary connection pool for “{3}” failed
eventSystem | 16160 | CONN_POOL_RESTORE | Primary connection pool restored | Primary connection pool for “{3}” restored
eventSystem | 16161 | SNMP_READ_CONFIG | Read SNMP agent configuration | System attempted to read SNMP agent configuration parameter “{3}”
eventSystem | 16162 | SNMP_AGENT_START | Start SNMP agent | System attempted to start an SNMP agent
eventSystem | 16163 | SNMP_AGENT_STOP | Stop SNMP agent | System attempted to stop an SNMP agent
eventSystem | 16164 | KM_KEY_BIND | Bind key | Administrator “{0}” bound key “{3}”
eventSystem | 16165 | KM_KEY_UNBIND | Unbind key | Administrator “{0}” unbound key “{3}”
eventSystem | 16166 | KM_KEY_FETCH | Fetch key | Administrator “{0}” fetched key “{3}”
eventSystem | 16167 | KM_KEY_UPDATE | Update key | Administrator “{0}” updated key “{3}”
eventSystem | 16168 | KM_KEY_PASSWORD_RESET | Reset key password | Administrator “{0}” reset password for key “{3}”
eventSystem | 16169 | AA_PROCESS_REQUEST | SSO request | System processed an SSO request
eventSystem | 16170 | CONSOLE_INTEGRATION_INIT | Console Integration Service initialization | System attempted to initialize the Console Integration Service
eventSystem | 16171 | CONSOLE_INTEGRATION_REGMENU | Console Integration Service: Register menu | System attempted to register a menu
eventSystem | 16172 | CONSOLE_INTEGRATION_REGDOMENU | Console Integration Service: Register domain object menu | System attempted to register a domain object menu
eventSystem | 16173 | CONSOLE_INTEGRATION_REGPAGEHELP | Console Integration Service: Register page help | System attempted to register page help
eventSystem | 16174 | CONSOLE_INTEGRATION_REGCONSOLECONFIG | Console Integration Service: Register console configurations | System attempted to register console configurations
eventSystem | 16175 | LINK_SECURITY_DOMAIN_POLICIES | Link policies to security domain | Administrator “{0}” attempted to link policies to security domain “{3}”
eventSystem | 16176 | SYSTEM_STARTUP | System startup | System attempted to start up
eventSystem | 16177 | SYSTEM_SHUTDOWN | System shutdown | System attempted to shut down
eventSystem | 16178 | REPLICATION_NETWORK_FAILURE | Replication status | A replication connection has been broken
eventSystem | 16179 | REPLICATION_PROCESS_FAILURE | Replication status | A replication process is either stopped or abnormal
eventSystem | 16180 | REPLICATION_PROCESS_ERROR | Replication status | A replication process stopped with an error
eventSystem | 16181 | GENERATE_SCRIPT | Generate script | System attempted to generate a replication-related script
eventSystem | 16182 | REPLICATION_SYSTEM_SETUP | Replica setup | Administrator “{0}” attempted to create or modify the replication setup
eventSystem | 16183 | TERMINATE_DB_COMMAND | Terminate database operation | System attempted to terminate a database import or export job
eventSystem | 16184 | EXPORT_DB_COMMAND | Export database | Administrator “{0}” attempted to export the database contents
eventSystem | 16185 | IMPORT_DB_COMMAND | Import database | Administrator “{0}” attempted to import the database contents
eventSystem | 16186 | EXECUTE_SQL_SCRIPT | Execute SQL script | Administrator attempted to perform action “{6}” using the store utility
eventSystem | 16187 | PULL_FROM_REPLICAS | Pull out-of-band updates from replicas | Administrator “{0}” attempted to pull out-of-band updates from replica sites “{3}”
eventSystem | 16188 | CREATE_SELFSERVICE_POLICY | Create self-service troubleshooting policy | Administrator “{0}” attempted to create an self-service troubleshooting policy
eventSystem | 16189 | DELETE_SELFSERVICE_POLICY | Delete self-service troubleshooting policy | Administrator “{0}” attempted to delete self-service troubleshooting policy “{4}”
eventSystem | 16190 | UPDATE_SELFSERVICE_POLICY | Update self-service troubleshooting policy | Administrator “{0}” attempted to update self-service troubleshooting policy “{4}”
eventSystem | 16191 | READ_SELFSERVICE_POLICY | Read self-service troubleshooting policy | Administrator “{0}” attempted to read self-service troubleshooting policy “{4}”
eventSystem | 16192 | UNLINK_SECURITY_DOMAIN_SELFSERVICE_POLICY | Unlink policies from security domain | Administrator “{0}” attempted to unlink the self-service troubleshooting policy from security domain “{3}”
eventSystem | 16193 | CREATE_IDENTITY_MAPPING | Create identity mapping | Administrator “{0}” attempted to create an identity mapping
eventSystem | 16194 | UPDATE_IDENTITY_MAPPING | Update identity mapping | Administrator “{0}” attempted to update an identity mapping
eventSystem | 16195 | READ_IDENTITY_MAPPING | Read identity mapping | Administrator “{0}” attempted to read an identity mapping
eventSystem | 16196 | DELETE_IDENTITY_MAPPING | Delete identity mapping | Administrator “{0}” attempted to delete an identity mapping
eventSystem | 16197 | CREATE_SECURITY_QUESTIONS_POLICY | Create security question policy | Administrator “{0}” attempted to create security question policy “{4}”
eventSystem | 16198 | DELETE_SECURITY_QUESTIONS_POLICY | Delete security question policy | Administrator “{0}” attempted to delete security question policy “{4}”
eventSystem | 16199 | UPDATE_SECURITY_QUESTIONS_POLICY | Update security question policy | Administrator “{0}” attempted to update security question policy “{4}”
eventSystem | 16200 | READ_SECURITY_QUESTIONS_POLICY | Read security question policy | Administrator “{0}” attempted to read security question policy “{4}”
eventSystem | 16201 | CREATE_TRUST | Create trust | Administrator “{0}” attempted to create a trust
eventSystem | 16202 | UPDATE_TRUST | Update trust | Administrator “{0}” attempted to update a trust
eventSystem | 16203 | READ_TRUST | Read trust | Administrator “{0}” attempted to read a trust
eventSystem | 16204 | DELETE_TRUST | Delete trust | Administrator “{0}” attempted to delete a trust
eventSystem | 16211 | CREATE_TRUST_DOMAIN | Create trust domain | Administrator “{0}” attempted to create a trust domain
eventSystem | 16212 | UPDATE_TRUST_DOMAIN | Update trust domain | Administrator “{0}” attempted to update a trust domain
eventSystem | 16213 | READ_TRUST_DOMAIN | Read trust domain | Administrator “{0}” attempted to read a trust domain
eventSystem | 16214 | DELETE_TRUST_DOMAIN | Delete trust domain | Administrator “{0}” attempted to delete a trust domain
eventSystem | 16221 | CREATE_TRUST_INSTANCE | Create trust instance | Administrator “{0}” attempted to create a trust instance
eventSystem | 16222 | UPDATE_TRUST_INSTANCE | Update trust instance | Administrator “{0}” attempted to update a trust instance
eventSystem | 16223 | READ_TRUST_INSTANCE | Read trust instance | Administrator “{0}” attempted to read a trust instance
eventSystem | 16224 | DELETE_TRUST_INSTANCE | Delete trust instance | Administrator “{0}” attempted to delete a trust instance
eventSystem | 16225 | READ_DATA_FILE_USAGE | Read data file usage | Administrator “{0}” attempted to read a usage data file
eventSystem | 16226 | READ_LOG_FILE_USAGE | Read log file usage | Administrator “{0}” attempted to read a log usage file
eventSystem | 16227 | DB_SPACE_USAGE_ALERT | Database space usage alert | The database storage monitoring process produced an alert
eventSystem | 16228 | CREATE_ATTRIBUTE_CATEGORY | Create attribute | Administrator “{0}” attempted to create an attribute category
eventSystem | 16229 | UPDATE_ATTRIBUTE_CATEGORY | Update attribute | Administrator “{0}” attempted to update an attribute category
eventSystem | 16230 | SEND_SMTP_MESSAGE | Send SMTP message | System attempted to send an SMTP message to “{3}” with the subject “{4}”
eventSystem | 16231 | SMTP_CONNECT | SMTP connect | System attempted to connect to the SMTP server in order to configure it
eventSystem | 16232 | DB_BACKUP_RESTORE | Database backup and restore | System attempted to back up or restore the database
eventSystem | 16233 | DB_SPACE_USAGE_MANAGEMENT | Database space management | System attempted to configure the database table space usage
eventSystem | 16234 | ORACLE_COMMON_OPERATION | Oracle common management utility | System attempted to configure the Oracle database
eventSystem | 16235 | SNMP_TEST_TRAP | SNMP test trap | System attempted to send an SNMP test trap
eventSystem | 16236 | DELETE_SIGNING_KEY | Delete log signing key | System attempted to delete a log signing key with GUID “{3}”
eventSystem | 16237 | FLUSH_COMMAND_TARGET_CACHE | Flush command target cache | System flushed the command target cache
eventSystem | 16238 | FLUSH_COMMAND_TARGET_CACHE_ENTRY | Flush command target cache entry | System flushed a command target cache entry
eventSystem | 16239 | CREATE_COMMAND_TARGET | Create command target | System attempted to create a command target for trust “{4}”
eventSystem | 16240 | STORE_PWD_DIC | Store password dictionary | System attempted to store the password dictionary
eventSystem | 16241 | ARCHIVE_LOG_FILE_SIGN | Sign archive log file | An archive log batch job tried to sign archive log file “{3}”
eventSystem | 16242 | ARCHIVE_LOG_FILE_VERIFY | Verify archive log file signature | An archive log batch job tried to verify the signature of file “{3}”
eventSystem | 16243 | XML_SERIALIZER_CONFIGURATION | XML serializer configuration | XML serializer tried to perform a configuration
eventSystem | 16244 | XML_SERIALIZER_INITIALIZING | XML serializer initializing | XML serializer tried to initialize the engine
eventSystem | 16245 | XML_SERIALIZER_BEAN_PARSING | XML serializer parsing failure | XML serializer failed to parse bean structure for class “{3}” ; property “{4}”
eventSystem | 16246 | XML_SERIALIZER_PARSING | XML serializer parsing failure | XML serializer failed to parse the XML structure
eventSystem | 16247 | XML_SERIALIZER_CLASS_LOADING | XML serializer class-loading failure | XML serializer failed to load class “{3}”
eventSystem | 16248 | CLU_AUDIT_LOG_COPY | Copy audit log entries | Batch job attempted to copy CLU audit log entries from table “{3}”
eventSystem | 16249 | SESSION_MAX_LIMIT_FORCED_LOGOFF | Force session logoff | Session was terminated because it exceeded the maximum number of sessions allowed per instance
eventSystem | 16250 | SESSION_USER_LIMIT_FORCED_LOGOFF | Force session logoff | Session was terminated because it exceeded the maximum number of sessions allowed per user
eventSystem | 16252 | REGISTRY_INIT_DEPLOYMENT_UUID | Initialize deployment UUID | System attempted to initialize the deployment UUID
eventSystem | 16253 | PROCESS_SECURITY_QUESTIONS | Processing answers to security questions | System was processing the user's answers to security questions
eventSystem | 16254 | REPLICATION_PROCESS_STATUS | Replication process status | Replication propagation process restarting for scheduled maintenance
eventSystem | 16255 | CONF_VALUE_DELETED | Delete configuration | Administrator “{0}” deleted configuration parameter “{3}” from scope “{4}” ; value “{5}”. {6}
eventSystem | 16256 | CONF_VALUE_UPDATED | Update configuration | Administrator “{0}” updated configuration parameter “{3}” for scope “{4}” ; value “{5}”. {6}
eventSystem | 16257 | SYNC_PROPERTIES | Synchronize properties | Synchronize system properties.
eventSystem | 16274 | DATABASE_BACKUP | Database backup | System attempted to backup the database
eventSystem | 16258 | UPDATE_BATCH_JOB_STATUS_ERROR | Update batch job status | System failed to update batch job's status
eventSystem | 16276 | OC_PROMOTE_REPLICA | Promote replica to be primary via OC | Operations Console administrator “{0}” attempted to promote a replica instance to primary instance
eventSystem | 16277 | OC_ADD_REPLICA | Add replica to primary via OC | Operations Console administrator “{0}” attempted to add replica instance “{3}”
eventSystem | 16278 | OC_REMOVE_REPLICA | Remove replica via OC | Operations Console administrator “{0}” attempted to remove a replica instance
eventSystem | 16279 | OC_ATTACH_REPLICA | Attach detached replica via OC | Operations Console administrator “{0}” attempted to reattach a replica instance to the primary instance
eventSystem | 16280 | OC_REPLICATION_STATUS | View replication status via OC | Operations Console administrator “{0}” attempted to view replication status
eventSystem | 16281 | OC_CLEAN_DEMOTED_PRIMARY | Clean demoted primary via OC | Operations Console administrator “{0}” attempted to clean the demoted primary instance
eventSystem | 16282 | OC_ATTACH_DEMOTED_PRIMARY | Attach a demoted primary instance via OC | Operations Console administrator “{0}” attempted to attach a demoted primary instance
eventSystem | 16283 | OC_CLEAN_DELETED_OFFLINE_REPLICA | Clean a replica deleted when offline via OC | Operations Console administrator “{0}” attempted to clean an offline replica instance that was previously deleted
eventSystem | 16284 | OC_LIST_INSTANCES | List all instances via OC | Operations Console administrator “{0}” attempted to list all instances in the deployment
eventSystem | 16285 | OC_SYNC_REPLICA | Synchronize replica with primary instances via OC | Operations Console administrator “{0}” attempted to synchronize all replicas instances
eventSystem | 16259 | REPLICATION_LINK_STATUS | Check replication status | System checked replicaton status between the primary {3} and the replica {4} in the direction {5}
eventSystem | 16260 | REPLICATION_ARCHIVE_LOG_USAGE_CHECK | Check replication archive log usage | System checked replication archive log usage and found {3} MB used out of {4} MB allocated
eventSystem | 16261 | BATCH_CLEANUP_ORPHANED_PRINCIPALS_SKIP | Clean up unresolvable users and groups | The system attempted to clean up unresolvable principals ; but was unable to clean up user “{3}” in identity source “{4}”.
eventSystem | 16262 | BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT | Clean up unresolvable users and groups | Cleanup of unresolvable users was not possible. Found {3} users ; which exceeded the automated cleanup limit of {4} users.
eventSystem | 16263 | FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE | Find user across Identity Sources | System attempted to find user “{0}” across identity sources
eventSystem | 16264 | MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE | System cannot process this authentication request | User cannot be found across identity sources. User “{3}” will not be allowed to authenticate for the next 60 minutes.
eventSystem | 16265 | DETERMINE_RELATED_IDENTITY_SOURCE | Attempting to determine whether the given identity sources connect to the same directory server | System cannot determine whether identity source “{3}” and identity source “{4}” are connecting to the same directory server.
eventSystem | 16266 | SEARCH_PRINCIPALS | Search users | System attempted to search users in identity source “{3}”
eventSystem | 16286 | READ_SECURITY_QUESTIONS_LIST | Read security questions list | Administrator “{0}” attempted to read security questions list “{4}”
eventSystem | 16287 | RBA_USER_COUNT | RBA user count | System attempted to count the number of RBA users
eventSystem | 16288 | AA_OFFLINE_TASK | AA offline task | System attempted to run AA offline task
eventSystem | 16289 | RBA_DEVICE_MANAGEMENT | RBA device management | System attempted to cleanup expired and over the limit user devices
eventSystem | 16290 | STOP_SERVICE | Stop service | Attempting to stop service “{3}”
eventSystem | 16291 | START_SERVICE | Start Service | Attempting to start service “{3}”.
eventSystem | 16294 | IDENTITY_SOURCE_GET_CONNECTION_FAILED | Failed to connect to identity source | Cannot process requests that need access to identity source “{3}”. The identity source is currently unreachable.
eventSystem | 16295 | TRACK_USER_MOVE_IN_REPLICA_FAILED_REACHING_PRIMARY | System cannot process this authentication request | The user''s distinguished name has changed. Cannot contact primary instance to update the user.Authentication requests from “{3}” to this instance will not be successful until primary updates the user.
eventSystem | 16296 | TRACK_USER_MOVE_IN_REPLICA_FAILED | System cannot process this authentication request | The user''s distinguished name has changed. Either the primary could not update the user or the primary cannot be contacted. Authentication requests from “{3}” to this instance will not be successful until primary updates the user.
eventSystem | 16297 | BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED | System cannot initialize related identity source cache | System cannot initialize related identity sources for identity source “{3}”
eventSystem | 16298 | UNABLE_LOOKUP_NAMING_CONTEXTS_ROOT_DSE | System cannot lookup directory server''s root DSE attributes | System cannot lookup directory server''s root DSE attributes for identity source “{3}”
eventSystem | 16299 | UPDATE_PRINCIPAL_FOR_LDAP_CHANGE | Update principal | System attempted to update principal “{3}” based on changes made in identity source “{4}”
eventSystem | 16300 | CREATE_BACKUP_ORIG_PRIMARY | Create Backup | Created backup in the original primary instance at “{3}”
eventSystem | 16301 | PRINCIPAL_WITH_DUPLICATE_USERID | Duplicate user ID user found | User ID “{3}” already exists. User IDs must be unique within an identity source
eventSystem | 16302 | INVALID_PRINCIPAL | Invalid user state | User ID “{3}” already exists. User IDs must be unique within an identity source
eventSystem | 16303 | IMPORT_BACKUP_PROMOTED_REPLICA | Import Backup | Importing backup on the promoted Replica instance from the following location “{3}”
eventSystem | 16304 | TRANSFER_BACKUP_PROMOTED_REPLICA | Transfer Backup | Transferred backup “{3}” to the promoted Replica instance
eventSystem | 16317 | CREATE_RBA_POLICY | Create RBA policy | Administrator “{0}” attempted to create an RBA policy
eventSystem | 16318 | DELETE_RBA_POLICY | Delete RBA policy | Administrator “{0}” attempted to delete RBA policy “{4}”
eventSystem | 16319 | UPDATE_RBA_POLICY | Update RBA policy | Administrator “{0}” attempted to update RBA policy “{4}”
eventSystem | 16320 | READ_RBA_POLICY | Read RBA policy | Administrator “{0}” attempted to read RBA policy “{4}”
eventSystem | 16321 | UNLINK_SECURITY_DOMAIN_RBA_POLICY | Unlink policies from security domain | Administrator “{0}” attempted to unlink the RBA policy from security domain “{3}”
eventSystem | 16322 | AA_MAINTENANCE_TASK | AA maintenance task | System attempted to run AA maintenance task procedure “{0}”
eventSystem | 16323 | RBA_AUTHN_ATTEMPT | Risk Based Authentication attempt | User attempted to authenticate via RBA
eventSystem | 16324 | UPDATE_SECURITY_QUESTIONS_LIST | update security questions list | Administrator “{0}” attempted to read security questions list “{4}”
eventSystem | 16325 | CREATE_SECURITY_DOMAIN_MAPPING | Create Security Domain mapping | Administrator “{0}” attempted to create security domain mapping for identity source “{3}”
eventSystem | 16326 | READ_SECURITY_DOMAIN_MAPPING | Read Security Domain mapping | Administrator “{0}” attempted to read security domain mapping for identity source “{3}”
eventSystem | 16327 | UPDATE_SECURITY_DOMAIN_MAPPING | Update Security Domain mapping | Administrator “{0}” attempted to update security domain mapping for identity source “{3}”
eventSystem | 16328 | DELETE_SECURITY_DOMAIN_MAPPING | Delete Security Domain mapping | Administrator “{0}” attempted to delete security domain mapping for identity source “{3}”
eventSystem | 16329 | READ_ACTIVE_USERS | Unable to read active users from the system configuration | System failed to read the licensed number of active users from the system configuration
eventSystem | 16330 | REGISTRY_INSTANCE_MOST_RECENT_UPDATE_TIME | Getting last instance update time | System attempted to get last instance update time
eventSystem | 16331 | FILE_SERVICE_CREATE_FILE | Creating new file for upload service | Administrator attempted to create new file for upload service
eventSystem | 16332 | FILE_SERVICE_DELETE_FILE | Deleting uploaded file | Administrator attempted to delete uploaded file
eventSystem | 16333 | FILE_SERVICE_APPEND_FILE | Appending data to file for upload | Administrator attempted to append data to upload file
eventSystem | 16334 | FILE_SERVICE_OPEN_FILE | Opening uploaded file | Administrator attempted to open uploaded file
eventSystem | 16335 | WEBTIER_BIZTIER_TIME_NOT_IN_SYNC | Web-tier time not in sync | Web-tier time is not in sync with biz-tier server
eventSystem | 16336 | CONN_POOL_OFFLINE | All connection pools failed | All connection pools for “{3}” failed
eventSystem | 16337 | CREATE_DATABASE_BACKUP | Create Backup | Create backup of internal database at “{3}”
eventSystem | 16338 | RESTORE_DATABASE_BACKUP | Restore database | Restore backup of internal database from “{3}”
eventSystem | 16339 | LICENSE_INVALID_SIGNING_MATERIAL | Invalid license signing material | System does not recognize license signing material
eventSystem | 16340 | IMPORT_SECRETS | Import secrets | Import contents of the password-protected file into the system fingerprint.
eventSystem | 16341 | EXPORT_SECRETS | Export secrets | Export contents of the system fingerprint to the password-protected file.
eventSystem | 16342 | RECOVER_SECRETS | Recover secrets | Recover the system fingerprint.
eventSystem | 16343 | CHANGE_SECRETS_MASTER_PASSWORD | Change master password | Change the master password for the system fingerprint.
eventSystem | 16344 | MANAGE_SSL_CERT_IMPORT | Import certificate | Import the certificate “{3}” into the keystore “{4}”.
eventSystem | 16345 | MANAGE_SSL_CERT_CONFIG_SERVER | Configure server | Configure the server “{3}” to use the new private key alias and password.
eventSystem | 16346 | OC_CREATE_IDENTITY_SOURCE | Create identity source | Operations Console administrator “{0}” attempted to create an identity source “{3}” using Super Admin credentials of “{4}”.
eventSystem | 16347 | OC_DELETE_IDENTITY_SOURCE | Delete identity source | Operations Console administrator “{0}” attempted to delete an identity source “{3}” using Super Admin credentials of “{4}”.
eventSystem | 16348 | OC_UPDATE_IDENTITY_SOURCE | Update identity source | Operations Console administrator “{0}” attempted to update an identity source “{3}” using Super Admin credentials of “{4}”.
eventSystem | 16349 | COPY_DATABASE_LOGS | Copy database logs | System attempted to copy database audit logs from external database to internal database.
eventSystem | 16350 | CRITICAL_NOTIFICATION | Critical System Event Notification | System ecountered a critical event.
eventSystem | 16351 | DELETE_JOB_RESTRICTED_TO_NON_EXISTING_INSTANCE | Delete batch job restircted to non-existing instance | Administrator “{0}” attempted to delete job restricted to non-existing instance “{3}”
eventSystem | 16352 | REGISTRY_INSTANCE_VERSION_LOOKUP | Look up instance version | Administrator “{0}” attempted to read an instance's version
eventSystem | 16353 | REGISTRY_INSTANCE_VERSION_UPDATE | Update instance version | System attempted to update the version for the instance “{3}”
eventSystem | 16354 | UPDATE_WEBTIER_CUSTOMIZATION | Update Webtier Customization | Administrator “{0}” attempted to update Webtier Customization Configuration
eventSystem | 16355 | READ_WEBTIER_CUSTOMIZATION | Read Webtier Customization | Administrator “{0}” attempted to read Webtier Customization Configuration
eventSystem | 26001 | AUTHMGR_BEAN_CONVERT | Convert Bean | Administrator “{0}” attempted to convert one bean to other
eventSystem | 26002 | AUTHMGR_AGENT_CREATE | Create Agent | Administrator “{0}” attempted to create an AM agent
eventSystem | 26003 | AUTHMGR_AGENT_DELETE | Delete Agent | Administrator “{0}” attempted to delete an AM agent
eventSystem | 26004 | AUTHMGR_AGENT_ENABLE | Enable Agent | Administrator “{0}” attempted to enable an AM agent
eventSystem | 26005 | AUTHMGR_AGENT_READ | Read Agent | Administrator “{0}” attempted to read an AM agent
eventSystem | 26006 | AUTHMGR_AGENT_UPDATE | Update Agent | Administrator “{0}” attempted to update an AM agent
eventSystem | 26007 | AUTHMGR_APS_LIST_CONFIG_READ | Read Agent Protocol Server List Config | Administrator “{0}” attempted to read Agent Protocol Server list config “{3}”
eventSystem | 26008 | UPDATE_AM_PRINCIPAL | Update AM Principal | Administrator “{0}” attempted to update principal
eventSystem | 26009 | EXPORT_SOFT_TOKEN | Export Soft Token | Administrator “{0}” attempted to export soft token
eventSystem | 26010 | IMPORT_TOKEN | Import Token | Administrator “{0}” attempted to import token
eventSystem | 26011 | PROCESS_REFERENTIAL_INTEGRITY_MESSAGES | Process Referential Integrity Message | Administrator “{0}” attempted to process referential integrity message
eventSystem | 26012 | READ_AGENT | Read Agent | Administrator “{0}” attempted to read agent
eventSystem | 26013 | READ_AM_PRINCIPAL | Read AM Principal | Administrator “{0}” attempted to read AM principal
eventSystem | 26014 | READ_AM_TOKEN_EMERGENCY_ACCESS_INFO | Read Token Emergency Access Info | Administrator “{0}” attempted to read token emergency access
eventSystem | 26015 | READ_OA_POLICY | Read Offline Authentication Policy | Attempted to read offline authentication policy
eventSystem | 26016 | LOCATE_REALM_DEFAULT_OA_POLICY | Locate Realm Default Offline Authentication Policy | Administrator “{0}” attempted to locate realm default offline authentication policy
eventSystem | 26017 | READ_REPLACEMENT_TOKEN | Read Replacement Token | Administrator “{0}” attempted to read replacement token
eventSystem | 26018 | READ_SERVER_CONFIG | Read Server Configuration | Attempted to read server configuration
eventSystem | 26019 | READ_SERVER_LIST | Read Server List | Attempted to read server list
eventSystem | 26020 | READ_TOKEN | Read Token | Attempted to read token
eventSystem | 26021 | SYNC_TOKENS | Sync Token | Administrator “{0}” attempted to sync token “{3}”
eventSystem | 26022 | UPDATE_AM_TOKEN_OFFLINE_EMERGENCY_ACCESS_INFO | Update Token Offline Emergency Access Info | Administrator “{0}” attempted to update token offline emergency access
eventSystem | 26023 | CONNECTION_ERROR | Socket Connection Error | Error occurred while communicating with remote host “{3}”:“{4}”. Socket is locally bound to “{5}”:“{6}”
eventSystem | 26024 | INIT_WPCODE_MATCHER | Init WPCODE Matcher | Attempted to initialize the WPCODE matcher
eventSystem | 26025 | NEXT_AVAILABLE_AM_TOKEN | Get Next Available Token | Administrator “{0}” attempted to get the next available token
eventSystem | 26026 | SEARCH_AM_TOKEN | Search Token | Administrator “{0}” attempted to search token
eventSystem | 26027 | VALIDATE_NEW_PIN | Validate New PIN | Attempted to validate the new PIN
eventSystem | 26028 | VALIDATE_NEXT_TOKENCODE | Validate Next Tokencode | Attempted to validate the next tokencode
eventSystem | 26029 | VALIDATE_PASSCODE | Validate Passcode | Attempted to validate the passcode
eventSystem | 26030 | AUTH_AGENT_LOOKUP | Auth Agent Lookup | Administrator “{0}” attempted to lookup an auth agent
eventSystem | 26031 | READ_AGENT_ACTIVATED_GROUPS | Read Agent Activated Groups | Administrator “{0}” attempted to read agent activated groups
eventSystem | 26032 | READ_TOKEN_POLICY | Read Token Policy | Attempted to read token policy
eventSystem | 26033 | LOCATE_REALM_DEFAULT_TOKEN_POLICY | Locate Realm Default Token Policy | Administrator “{0}” attempted to locate realm default token policy
eventSystem | 26034 | VALIDATE_NEW_STATIC_PASSCODE | Validate New Static Passcode | Attempted to validate the new static passcode
eventSystem | 26035 | LOOKUP_OBJECT | Lookup Object | Administrator “{0}” attempted to lookup object
eventSystem | 26036 | SESSION_CREATE | Create Session | Administrator “{0}” attempted to create session
eventSystem | 26037 | SYSTEM_DEFAULT_POLICY_MISCONFIGURED | System Default Policy Misconfigured | System default policy is misconfigured
eventSystem | 26038 | UPDATE_AM_TOKEN | Update Token | Administrator “{0}” attempted to update token
eventSystem | 26039 | AM_LINK_TOKEN_PRINCIPAL | Link Token To Principal | Administrator “{0}” attempted to link token to principal
eventSystem | 26040 | GET_REG_USERS | Get Registered Users | Administrator “{0}” attempted to get registered users
eventSystem | 26041 | ADJUDICATOR_CLOCK_SETBACK | Clock Setback Detected | Detected clock setback ; current:“{3}” expected:“{4}”
eventSystem | 26042 | ADJUDICATOR_PROCESS | Adjudicator Processing | Attempted to process adjudicator request
eventSystem | 26043 | ADJUDICATOR_CONFIGURATION | Adjudicator Configuration | Attempted to initialize adjudicator configuration
eventSystem | 26044 | ADJUDICATOR_FAILOVER_CONFIGURATION | Adjudicator Failover Configuration | Adjudicator Failover configured for instance {3} using this order: {4}
eventSystem | 26045 | ADJUDICATOR_TIME_CHECK | Time Synchronization Processing | Attempted Time Synchronization ; correct time:“{3}”
eventSystem | 26046 | ADJUDICATOR_FAILOVER | Adjudicator Failover Event | Adjudicator Failover Event at node “{3}”
eventSystem | 26047 | SESSION_MODIFICATION | Session Modification | Attempted to modify session
eventSystem | 26048 | AGENT_REQUEST_HANDLE | Agent Request Handle | Attempted to handle an agent request
eventSystem | 26049 | AGENT_PACKET_RETRIEVE | Agent Packet Retrieve | Attempted to retrieve an agent packet “{3}”
eventSystem | 26050 | AGENT_RESPONSE_SEND | Agent Response Send | Attempted to send queued results back to agent
eventSystem | 26051 | GENERATE_REPORT | Generate Report | Administrator “{0}” attempted to generate report
eventSystem | 26052 | AUTHMGR_APS_LIST_UPDATE | Update Agent Protocol Server List | Administrator “{0}” attempted to update agent protocol server list
eventSystem | 26053 | AUTHMGR_APS_SYNCHRONIZATION | Agent Protocol Server Synchronization | Administrator “{0}” attempted to synchronize agent protocol servers
eventSystem | 26054 | AUTHMGR_HOST_DELETE | Delete Host | Administrator “{0}” attempted to delete host
eventSystem | 26055 | AUTHMGR_APS_DELETE | Delete Agent Protocol Server | Administrator “{0}” attempted to delete Agent Protocol Server
eventSystem | 26056 | AUTHMGR_REALM_PREDELETE_TOKEN_ATTR_DELETE | Delete Predeleted Token Attributes | Administrator “{0}” attempted to delete attributes for predeleted token
eventSystem | 26057 | AUTHMGR_REALM_PREDELETE_TOKEN_DELETE | Delete Predeleted Realm Token | Administrator “{0}” attempted to delete token for predeleted instance
eventSystem | 26058 | AUTHMGR_REALM_PREDELETE_HOST_DELETE | Delete Predeleted Realm Host | Administrator “{0}” attempted to delete host of predeleted Realm
eventSystem | 26059 | AUTHMGR_REALM_PREDELETE_AGENT_DELETE | Delete Predeleted Realm Agent | Administrator “{0}” attempted to delete agent of predeleted Realm
eventSystem | 26060 | AUTHMGR_SD_PREDELETE_VALIDATION | Validate Predelete | Administrator “{0}” attempted to validate predeleted security domain properties
eventSystem | 26061 | CTKIP_SERVICE_PROCESS_REQUEST | CTKIP Service Process Request | Attempted to process CTKIP request
eventSystem | 26062 | AUTHMGR_REALM_ADD | Add Realm | Administrator “{0}” attempted to add realm
eventSystem | 26063 | OA_SERVER_START | Offline Authentication Service Startup | Attempted to start the offline authentication service
eventSystem | 26064 | APS_SERVER_START | Start Agent Protocol Server | Attempted to start the agent protocol server
eventSystem | 26065 | AUTHMGR_SERVER_STARTUP | Start UDP Server | Attempted to start the UDP server
eventSystem | 26066 | AUTHMGR_AGENT_LINK_APSLIST | Link Agent With Agent Protocol Server List | Administrator “{0}” attempted to link agent with agent protocol server list
eventSystem | 26067 | EXECUTE_SCRIPT | Execute Script | Attempted to execute script
eventSystem | 26068 | TCP_SERVER_STARTUP | Started TCP Server | “{3}” started on port -- “{4}” “{5}”
eventSystem | 26069 | TCP_SERVER_SHUTDOWN | Shutdown TCP Server | “{3}” is shutting down on port -- “{4}”
eventSystem | 26070 | UDP_SERVER_STARTUP | Started UDP Server | “{3}” started on port -- “{4}”
eventSystem | 26071 | UDP_SERVER_SHUTDOWN | Shutdown UDP Server | “{3}” is shutting down on port -- “{4}”
eventSystem | 26072 | ADJUDICATOR_SERVICE_STARTUP | Started Adjudicator Service | Adjudicator service started with {3} nodes
eventSystem | 26073 | ADJUDICATOR_SERVICE_SHUTDOWN | Shutdown Adjudicator Service | Adjudicator service is shutting down
eventSystem | 26074 | SQLPLUS_COMMAND | Execute SQL*Plus Command | Attempted to execute a SQL*Plus command
eventSystem | 26075 | TRUSTED_USER_GROUP_CREATE | Create a trusted user group | Attempted to create a trusted user group
eventSystem | 26076 | TRUSTED_USER_GROUP_READ | Look up a trusted user group | Attempted to look up a trusted user group
eventSystem | 26077 | TRUSTED_USER_GROUP_UPDATE | Update a trusted user group | Attempted to update a trusted user group
eventSystem | 26078 | TRUSTED_USER_GROUP_DELETE | Delete a trusted user group | Attempted to delete a trusted user group
eventSystem | 26079 | SYS_REMOTE_PRINCIPAL_CREATE | Create a remote principal | Attempted to create a remote principal
eventSystem | 26080 | SYS_REMOTE_PRINCIPAL_READ | Look up a remote principal | Attempted to look up a remote principal
eventSystem | 26081 | SYS_REMOTE_PRINCIPAL_UPDATE | Update a remote principal | Attempted to update a remote principal
eventSystem | 26082 | SYS_REMOTE_PRINCIPAL_DELETE | Delete a remote principal | Attempted to delete a remote principal
eventSystem | 26083 | AUTHMGR_TRUST_PREDELETE_VALIDATION | Validate Predelete | Administrator “{0}” attempted to validate predeleted trust properties
eventSystem | 26085 | CREATE_AM_PRINCIPAL | Create AM Principal | Attempted to create AM Principal for Principal with “{1}”.
eventSystem | 26086 | LOCATE_SMS_AUTHENTICATOR | Locate On-Demand Authenticator | Attempted to locate On-Demand Authenticator for On-Demand-enabled Principal “{1}”.
eventSystem | 26087 | LOCATE_SMS_AUTHENTICATOR_COUNT | Locate On-Demand Authenticator Count | Attempted to locate On-Demand Authenticator Count.
eventSystem | 26088 | DISPATCH_MESSAGE | Dispatch message | Attempted to dispatch a message
eventSystem | 26089 | MESSAGE_PROCESSOR_START | Start Message Processor | Attempted to start the message processor: “{4}”
eventSystem | 26090 | MESSAGE_PROCESSOR_STOP | Stop Message Processor | Attempted to stop the message processor: “{4}”
eventSystem | 26091 | MESSAGE_PROCESSOR_DROP_MESSAGE | Message Processor Drop Message | Dropped message: “{4}”
eventSystem | 26092 | TRANSMIT_TXT_MSG_SMTP | SMTP Transmission | Attempted to transmit text message via SMTP plugin
eventSystem | 26093 | TRANSMIT_TXT_MSG_SMS | SMS Transmission | Attempted to transmit text message to “{3}” via “{4}” SMS plugin
eventSystem | 26094 | LOOKUP_AUTH_METHOD | Authentication Method Lookup | Attempted to locate authentication method data
eventSystem | 26095 | MESSAGE_HANDLER_HANDLE_MESSAGE | Message Handler Handle Message | Attempted to handle message: “{4}”
eventSystem | 26096 | REFRESH_TRANSMISSION_PLUGINS | Refresh Droppable Transmission Plugins | Attempted to refresh droppable transmission plugins
eventSystem | 26097 | AM_ENABLE_PRINCIPAL_FOR_SMS | Enabled Principal for On-Demand Authentication | Attempted to enable principal for On-Demand Authentication
eventSystem | 26098 | AM_DISABLE_PRINCIPAL_FOR_SMS | Disabled Principal for On-Demand Authentication | Attempted to disable principal for On-Demand Authentication
eventSystem | 26099 | AM_UPDATE_SMS_FOR_PRINCIPAL | Updated On-Demand Authentication Attributes for Principal | Attempted to update On-Demand Authentication for principal
eventSystem | 26100 | AM_SEARCH_SMS_AUTHENTICATORS | Searched for On-Demand Authentication Attributes for Principals | Attempted to search On-Demand Authentication Attributes for principals
eventSystem | 26101 | CLEANUP_EXPIRED_AUTHENTICATORS_JOB | Cleanup Expired On-Demand Authenticators Batch Job | Batch job cleaned up expired On-Demand authenticators. Total number of deleted authenticators:
eventSystem | 26102 | SMS_CLICKATELL_API_CONNECTION_KEEP_ALIVE | SMS Clickatell API connection keep-alive | Attempted to keep alive the connection to the Clickatell API
eventSystem | 26103 | AM_UPDATE_SMS_CONFIGURATION | Update On-Demand Configuration | Attempted to update the On-Demand Configuration
eventSystem | 26104 | CLEANUP_EXPIRED_AUTHENTICATORS_JOB_FAILURE | Cleanup Expired On-Demand Authenticators Batch Job | Unexpected exception while attempting to clean up On-Demand authenticators. Skipping authenticator for principal “{1}”.
eventSystem | 26105 | SMS_CLICKATELL_SSL_INITIALIZATION_FAILURE | Initialize Clickatell plugin | Failure while initializing SSL connection to Clickatell. Message transmissions may fail.
eventSystem | 26106 | ADJUDICATOR_REHOMING | User Home Node rebalance processing | Attempted User Home Node rebalance processing
eventSystem | 26107 | ADJUDICATOR_INSTANCE_CONFIGURATION | Adjudicator Instance configuration data processing | Adjudicator Instance “{3}” configuration data procesing attempted
eventSystem | 26108 | ON_DEMAND_LOGIN_FAILURE | On-Demand authentication processing | Unexpected error occured while processing On-Demand authentication attempt for principal “{3}”
eventSystem | 26109 | HEALTH_MONITOR_STARTUP_FAILURE | Database health monitor startup | Major error occured while starting up database health monitor. Agent failover will not work correctly.
eventSystem | 26110 | SDCONF_GENERATE_FAILURE | Generate agent configuration file | Unable to locate primary server. Rebalancing contact lists may resolve this issue.
eventSystem | 26111 | OC_RESTORE_BACKUP | Restore system from backup via OC | Operations Console administrator “{0}” attempted to restore {7} from a backup. Location: “{3}” ; version: {4}
eventSystem | 26112 | OC_CONFIG_BACKUP_RESTORE | Configure backup and restore via OC | Operations Console administrator “{0}” attempted to configure backup and restore
eventSystem | 26113 | OC_CREATE_BACKUP | Create backup via OC | Operations Console administrator “{0}” attempted to create a backup at “{3}”
eventSystem | 26114 | OC_LIST_BACKUPS | List backups via OC | Operations Console administrator “{0}” attempted to list all backups
eventSystem | 26115 | OC_CONFIGURE_UPDATES | Configure updates via OC | Operations Console administrator “{0}” attempted to configure updates
eventSystem | 26116 | OC_MANUAL_SCAN_UPDATES | Scan updates via OC | Operations Console administrator “{0}” attempted to scan for updates
eventSystem | 26117 | OC_LIST_UPDATES | List updates via OC | Operations Console administrator “{0}” attempted to list updates
eventSystem | 26118 | OC_DOWNLOAD_RELEASE_NOTES | Download release notes via OC | Operations Console administrator “{0}” attempted to download release notes
eventSystem | 26119 | OC_APPLY_UPDATES | Apply updates via OC | Operations Console administrator “{0}” attempted to apply updates
eventSystem | 26120 | OC_LIST_UPDATE_ROLLBACK_LOG_FILES | List update or rollback log files via OC | Operations Console administrator “{0}” attempted to list update or rollback log files
eventSystem | 26121 | OC_LIST_ROLLBACK | List available rollbacks via OC | Operations Console administrator “{0}” attempted to list available rollbacks
eventSystem | 26122 | OC_CONFIGURE_SSH | Configure SSH via OC | Operations Console administrator “{0}” attempted to configure SSH
eventSystem | 26123 | OC_CONFIG_SYSTEM_NETWORK_SETTING | Configure system network settings via OC | Operations Console administrator “{0}” attempted to configure system network settings
eventSystem | 26124 | OC_LIST_NIC | List existing NICs via OC | Operations Console administrator “{0}” attempted to list existing NICs
eventSystem | 26125 | OC_CONFIGURE_PRI_NIC | Configure primary NIC via OC | Operations Console administrator “{0}” attempted to configure primary NIC
eventSystem | 26126 | OC_SNMP_CONFIG | Configure SNMP via OC | Operations Console administrator “{0}” attempted to configure SNMP
eventSystem | 26127 | OC_DOWNLOAD_MIB_FILE | Download MIB file via OC | Operations Console administrator “{0}” attempted to download MIB file
eventSystem | 26128 | OC_CONFIGURE_LOGGING | Configure logging via OC | Operations Console administrator “{0}” attempted to configure logging
eventSystem | 26129 | OC_LIST_APP_SYS_LOGS | List appliance or system logs via OC | Operations Console administrator “{0}” attempted to list appliance or system logs
eventSystem | 26130 | OC_DOWNLOAD_APP_SYS_LOGS | Download appliance or system logs via OC | Operations Console administrator “{0}” attempted to download appliance or system logs
eventSystem | 26131 | OC_DOWNLOAD_UPDATE_LOG_FILE | Download update log file via OC | Operations Console administrator “{0}” attempted to download update log file
eventSystem | 26132 | OC_DELETE_UPDATE_LOG_FILE | Delete update log file via OC | Operations Console administrator “{0}” attempted to delete update log file
eventSystem | 26133 | OC_DOWNLOAD_ROLLBACK_LOG_FILE | Download rollback log file via OC | Operations Console administrator “{0}” attempted to download rollback log file
eventSystem | 26134 | OC_DELETE_ROLLBACK_LOG_FILE | Delete rollback log file via OC | Operations Console administrator “{0}” attempted to delete rollback log file
eventSystem | 26135 | OC_PERFORM_ROLLBACK | Perform rollback via OC | Operations Console administrator “{0}” attempted to rollback
eventSystem | 26136 | OC_REBOOT_APPLIANCE | Reboot appliance via OC | Operations Console administrator “{0}” attempted to reboot appliance
eventSystem | 26137 | OC_CONFIGURE_SEC_NIC | Configure secondary NIC via OC | Operations Console administrator “{0}” attempted to configure secondary NIC
eventSystem | 26138 | OC_DELETE_RADIUS_SERVER | Delete RADIUS server via OC | Operations Console administrator “{0}” attempted to delete RADIUS server with Super Admin credentials of “{3}”.
eventSystem | 26139 | OC_STOP_RADIUS_SERVER | Stop RADIUS server via OC | Operations Console administrator “{0}” attempted to stop RADIUS server with Super Admin credentials of “{3}”.
eventSystem | 26140 | OC_EDIT_DICT_RADIUS_SERVER | Edit RADIUS dictionary file | Operations Console administrator “{0}” attempted to edit RADIUS server dictionary file “{4}” with Super Admin credentials of “{3}”.
eventSystem | 26141 | OC_START_RADIUS_SERVER | Start RADIUS server | Operations Console administrator “{0}” attempted to start RADIUS server with Super Admin credentials of “{3}”.
eventSystem | 26142 | OC_PROMOTE_RADIUS_SERVER | Promote replica RADIUS server | Operations Console administrator “{0}” attempted to promote RADIUS server with Super Admin credentials of “{3}”.
eventSystem | 26143 | OC_LIST_DICT_RADIUS_SERVER | List RADIUS server dictionary files | Operations Console administrator “{0}” attempted to list RADIUS server dictionaries with Super Admin credentials of “{3}”.
eventSystem | 26144 | OC_LIST_CONFIG_RADIUS_SERVER | List RADIUS configuration files | Operations Console administrator “{0}” attempted to list RADIUS server configuration files with Super Admin credentials of “{3}”.
eventSystem | 26145 | OC_EDIT_CONFIG_RADIUS_SERVER | Edit RADIUS server configuration file | Operations Console administrator “{0}” attempted to edit RADIUS server configuration file “{4}” with Super Admin credentials of “{3}”.
eventSystem | 26146 | OC_RADIUS_TRUSTED_ROOT_CERTS_REP | Enable Disable trusted root certificate for replication | Operations Console administrator “{0}” attempted to “{4}” trusted root certificate for replication with Super Admin credentials of “{3}”.
eventSystem | 26147 | OC_RADIUS_LIST_TRUSTED_ROOT_CERTS | List RADIUS server trusted root certificates | Operations Console administrator “{0}” attempted to list trusted root certificates with Super Admin credentials of “{3}”.
eventSystem | 26148 | OC_RADIUS_ADD_TRUSTED_ROOT_CERT | Add trusted root certificate | Operations Console administrator “{0}” attempted to add trusted root certificate with Super Admin credentials of “{3}”.
eventSystem | 26149 | OC_RADIUS_REPLACE_SERVER_CERT | Replace RADIUS server certificate | Operations Console administrator “{0}” attempted to replace RADIUS server certificate with Super Admin credentials of “{3}”.
eventSystem | 26150 | OC_RADIUS_DELETE_TRUSTED_CERT | Delete RADIUS trusted root certificate | Operations Console administrator “{0}” attempted to delete RADIUS server trusted certificate with Super Admin credentials of “{3}”.
eventSystem | 26151 | CREATE_BACKUP | Create Backup | The system attempted to create a backup.
eventSystem | 26155 | RBA_LOAD_INTEGRATION_SCRIPT_TEMPLATE | Load RBA integration script template | The system tried to load the RBA integration script template located at “{3}”
eventSystem | 26156 | START_RADIUS_REPLICATION_TIMER | Start RADIUS replication timer | System is starting the RADIUS replication timer
eventSystem | 26157 | STOP_RADIUS_REPLICATION_TIMER | Stop RADIUS replication timer | System is stopping the RADIUS replication timer
eventSystem | 26158 | MODIFY_RADIUS_REPLICATION_TIMER | Modify settings for RADIUS replication timer | System is modifying the RADIUS replication timer settings
eventSystem | 26159 | DISABLE_REPLICATION_FOR_RADIUS_SERVER | Disabling replication for a RADIUS server is no longer supported. | Administrator “{0}” attempted to disable replication for a RADIUS server
eventSystem | 26160 | OC_SSH_UPDATE | Update SSH state using the OC | Operations Console administrator “{0}” attempted to update SSH state to “{3}”.
eventSystem | 26161 | DELETE_AGED_BACKUP | Delete aged backup file | Backup Scheduler attempted to delete an aged backup at “{3}”
eventSystem | 26162 | OC_SCHEDULE_BACKUP_SKIPPED | Skipped Scheduled backup | Scheduled backup is skipped due to another system maintenance task is in progress
eventSystem | 26163 | OC_SCHEDULE_BACKUP | Schedule backup via OC | Operations Console administrator “{0}” attempted to schedule a backup
eventSystem | 26164 | OC_SCHEDULE_CREATE_BACKUP | Create backup via OC scheduled job | Operations Console Backup Scheduler Job attempted to create a backup at “{3}”
eventSystem | 26165 | INSTANCE_HOST_REFRESH | Instance Host Entry Refresh on Application Startup | Attempted to refresh the instance host entry and synchronize server lists
eventSystem | 26166 | AUTOMATIC_RADIUS_SERVER_CONFIG | Automatic RADIUS Server Configuration | Attempted to automatically configure the RADIUS Server for the Instance “{0}”
eventSystem | 26167 | OC_DELETE_BACKUP_FILE | Delete backup file via OC | Operations Console administrator “{0}” attempted to delete a backup at “{3}”
eventSystem | 26168 | OC_EDIT_HOSTS_FILE | Edit Appliance Hosts file | Operations Console administrator “{0}” attempted to edit the Appliance OS hosts file with Super Admin credentials of “{3}”.
eventSystem | 26169 | OC_NSLOOKUP | Execute Name Server LookUp Command | Operations Console administrator “{0}” attempted to execute nslookup.
eventSystem | 26170 | OC_OS_PASSWORD_CHANGE | Change the Operating System User Password | Operations Console administrator “{0}” attempted to change the operating system user pasword.
eventSystem | 26171 | OC_ENABLE_SSH | Enable SSH state using the OC | Operations Console administrator “{0}” attempted to enable SSH.
eventSystem | 26172 | OC_DISABLE_SSH | Disable SSH state using the OC | Operations Console administrator “{0}” attempted to disable SSH.
eventSystem | 26173 | AM_WEBTIER_PACK | Pack latest Web Tier Configuration | Pack latest Web Tier Configuration Version {0}
eventSystem | 26174 | AM_WEBTIER_DOWNLOAD | Download latest Web Tier Configuration | Download latest Web Tier Configuration Version: {0} ; data index: {1}
eventSystem | 26175 | AUTHMGR_UPDATE_FIREWALL_RADIUS_PORTS | Update Firewall on RADIUS Server Port Change | Attempted to update the firewall rules after a RADIUS Server port change.
eventSystem | 26176 | AUTHMGR_UPDATE_FIREWALL_APS | Update Firewall on Authentication Services Port Change | Attempted to update the firewall rules after authentication services port change.
eventSystem | 26177 | AUTHMGR_UPDATE_FIREWALL_XREALM | Update Firewall on Legacy Trusted Realm Port Change | Attempted to update the firewall rules after a legacy trusted realm port change.
eventSystem | 26178 | OC_RESTART_RADIUS_SERVER | Restart RADIUS server | Operations Console administrator “{0}” attempted to restart RADIUS server with Super Admin credentials of “{3}”.
eventSystem | 26179 | OC_ADD_RADIUS_DICTIONARY | Add a new RADIUS dictionary file | Operations Console administrator “{0}” attempted to add a new RADIUS dictionary “{4}” with Super Admin credentials of “{3}”.
eventSystem | 26180 | OC_OVERWRITE_RADIUS_DICTIONARY | Overwrite an existing RADIUS dictionary file | Operations Console administrator “{0}” attempted to overwrite an existing RADIUS dictionary “{4}” with Super Admin credentials of “{3}”.
eventSystem | 26181 | AUTHMGR_CHECK_TRUSTS_BEFORE_UPDATE_FIREWALL_XREALM | Check the existing trusts for updating the firewall rules | Check the existing trusts before updating the firewall rules on a legacy trusted realm port change.
eventSystem | 26182 | AUTOMATIC_REALM_CERTIFICATES_REMOVAL | Automatic REALM Certificates removal on hostname change | Attempted to remove realm certificates after hostname change to “{0}”
eventSystem | 26183 | AM_SYSTEM_START_REPLICA_ATTACH | Start Replica Attach | Attempted to start attaching the replica “{3}”
eventSystem | 26184 | AM_GET_DEPLOYMENT_CONFIG | Get Deployment Configuration | Attempted to get deployment configuration for the replica “{3}”
eventSystem | 26185 | OC_CERT_SIGNING_REQEUST | Create Cert Signing Request | Operations Console administrator “{0}” attempted to create a certificate signing request. Key alias: “{3}”
eventSystem | 36001 | UCM_SEND_MAIL | Mail send event key. |
eventSystem | 36022 | UCM_LICENSE_CHECK | License Check. |
eventSystem | 36025 | UCM_ARCHIVE_REQUEST | Archive UCM request action. | Administator “{4}” attempted to “{3}” UCM request using the archive ucm request utility.
eventSystem | 36028 | UPDATE_UCM_REQUEST | Update UCM Request | Administator attempted to update (approve/distribute/reject/cancel) UCM request.