[RSA] Authentication Manager 8.1 SP1 update with Third-Party Patch 1.0

Dear colleagues,

here are the highlights of the Third-Party Patch 1.0:

  • it updates the internal third-party software components including Clam AntiVirus, VMware tools, and operating system utilities such as SNMP, NTP, and TAR
  • after the Third-Party Patch is installed you may see “Warning: cryptographic keys dir specified but not found or is not a directory” in the vSphere console and the boot.msg log file when the appliance starts the NTP service – this is a known issue but doesn’t impact the security or performance of the RSA Authentication Manager appliance
  • the patch CANNOT be rolled back (if this is your test environment and it runs as a virtual machine, you could take a snapshot)
  • once TPU1 is installed you CANNOT roll back any regular patch to a version earlier than Patch 8

What you will need is:

  • an operational 8.1.1.9.0 (or later) VM or physical instance (primary or replica)
  • ISO with the update:
    • tp-update-1.0
    • SHA256: 7789b7194477671731d3cc1ee1b5b5fe8f39e54eafe1d120b4c8d0d1d5f77312
  • means to mount the ISO:
    • use the browser to upload iso directly (note the ISO upload size limit of 2 GB)
    • use nfs share
    • use cifs share
    • use dvd/cd (described below)
  • 4 GB of free disk space
  • all replicas running fine and replicating (if not running solo)
  • maintenance window open (services will restart, if running only a primary instance that means downtime)
  • always start the process with the primary instance
  • remember all third-party releases are cumulative

Recipe (dvd/cd):

  • for delivering and mounting the ISO, please follow this article
  • connect to Operations Console, go to Maintenance -> Update & Rollback
  • make sure Update Source is configured to CD/DVD
  • click on Scan for Updates button
  • click on Done button
  • AM TP 1.0 should be listed

  • click on Apply Update button
  • provide guest OS application user credentials; check the checkbox to confirm; before clicking on the Apply button, make sure all dependent teams are informed about what will happen next (appliance will reboot, authentication service will be degraded, monitoring alarms will go off etc.)

  • review the update process

  • after the installer finishes you will be redirected to a different one; the port in the browser will switch over to 8443

  • when the process completes, the appliance will reboot (might take up to 10 minutes for the operations console to be online)

  • connect back to the Operations Console; the update will not be reflected under Maintenance -> Update & Rollback
  • instead go to Operations Console, Administration -> Download Troubleshooting Files
  • provide Super Admin User credentials
  • check all checkboxes and provide a password for a zip file

Your password must contain the following:
Between 8 and 32 characters
At least 1 alphabetic character
At least 1 special character except @ and ~

Once done click on the Generate and Download Zip File button

  • wait until the process finishes and click on the Download Zip File button

  • save the archive file to a secure location and then unpack with (you will be prompted for the password for the archive)
  • once unpacked, open the folder and navigate to the Authentication Manager Logs\server\logs sub-folder
  • locate the following file update-1.0.0.0.0-buildXXXXX-TIME_STAMP.log and open it
  • search all for the following keywords: error (except for the line with libgpg-error0-1.10-0.7.29) or problem or warning; if there are none you’re good to go
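
The keyword search from the last step can be scripted. The following is an added example, not part of the original post and not an RSA tool: it flags every line containing error, problem or warning, and ignores only the libgpg-error0-1.10-0.7.29 package name itself, so a line that names the package and also reports a real failure is still listed. The function names and the sample log lines are constructed for illustration.

```python
import re

# Package name the post says to ignore when searching for "error".
BENIGN_TOKEN = "libgpg-error0-1.10-0.7.29"
KEYWORDS = ("error", "problem", "warning")
PATTERN = re.compile("|".join(KEYWORDS), re.IGNORECASE)


def scan_update_log(lines):
    """Return [(line_no, keyword, text)] for every line that needs review."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        text = raw.rstrip("\r\n")
        # Blank out only the benign package name, so a line that names the
        # package and also reports a real failure is still flagged.
        probe = text.replace(BENIGN_TOKEN, "")
        for kw in sorted({m.group(0).lower() for m in PATTERN.finditer(probe)}):
            findings.append((line_no, kw, text))
    return findings


def scan_file(path):
    # errors="replace" keeps the scan going over stray non-UTF-8 bytes.
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_update_log(fh)


# Constructed sample lines; a real update log will look different.
SAMPLE_LOG = [
    "Installing package libgpg-error0-1.10-0.7.29",
    "Installing package ntp",
    "WARNING: service restart delayed",
    "Installing libgpg-error0-1.10-0.7.29 failed with Error 1",
    "Update completed",
]

if __name__ == "__main__":
    import sys
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_update_log(SAMPLE_LOG)
    for line_no, kw, text in hits:
        print(f"{line_no}: [{kw}] {text}")
    print("good to go" if not hits else f"{len(hits)} finding(s) to review")
    sys.exit(1 if hits else 0)
```

Run it with the path to the unpacked update-1.0.0.0.0-buildXXXXX-TIME_STAMP.log as the only argument; a non-zero exit code means there are lines to review.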
2018-05-24T22:31:17+02:00