Cannot validate enc certificate

Article Id: 106077

Status: Published

Updated On: 12-07-2018 13:36

Products:

CA Automation Suite for Data Centers - Configuration Automation , CA Client Automation - Asset Management , CA Client Automation - IT Client Manager , CA Client Automation , CA Client Automation - Remote Control , CA Client Automation - Asset Intelligence , CA Client Automation - Desktop Migration Manager , CA Client Automation - Patch Manager

Issue/Introduction:

ENC Clients belonging to a known working ENC Server can sometimes fail if not configured with the exact FQDN of the ENC Server used in the ENC Server's Client Certificate
If the logs are checked, you may find an error message similar to "The target principal name is incorrect".

Cause:

100718-01:28:16.5937180L|007904|00000924|encclient |communicatorLib |communicatorLib |000000|ERROR | EncInitializeSecurityContext: The target principal name is incorrect.

Environment:

any supported ENC environment

Resolution:

ENC Client is likely pointing to an incorrect or invalid FQDN that does not match the FQDN specified in the Alternate Subject Name portion of the client certificate on the ENC Server.

Run a command like the following to correct the issue:

encutilcmd client -state enabled -server <proper ENC Server FQDN>

If the command runs successfully you will see the following after hitting enter:

INFO: Command completed successfully.

Now recycle ENC Client (CAF STOP ENC CLIENT / CAF START ENCCLIENT) and test.