After AE upgrade Web Services jobs fail with 'User Authentication Failure' and HTTP 401 1034
Article ID: 116299
Updated On:
Products
CA Workload Automation AE - Business Agents (AutoSys)
CA Workload Automation AE - Scheduler (AutoSys)
Workload Automation Agent
Issue/Introduction
After upgrading to Autosys 11.3.6 SP7, Web Service calls below receive authentication failures for all users:
- Trigger jobs (Start job)
- /AEWS/job-run-info
- /AEWS/job
- /AEWS/machine
The following errors are seen in the logs:
-------------------------------------------------------
- waae-webservices_access_log shows:
49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034
49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034
- waae_webservices_wrapper log shows;
2018/09/26 14:26:36 | 26-Sep-2018 14:26:36.512 WARNING [https-jxxx-aaa-9443-exec-3] com.ca.eiam.jaas.EiamLoginModule.authenticateWithPassword User authentication failure. User: [email protected]
- Trigger jobs (Start job)
- /AEWS/job-run-info
- /AEWS/job
- /AEWS/machine
The following errors are seen in the logs:
-------------------------------------------------------
- waae-webservices_access_log shows:
49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034
49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034
- waae_webservices_wrapper log shows;
2018/09/26 14:26:36 | 26-Sep-2018 14:26:36.512 WARNING [https-jxxx-aaa-9443-exec-3] com.ca.eiam.jaas.EiamLoginModule.authenticateWithPassword User authentication failure. User: [email protected]
Environment
Release:
Component: ATSYS
Component: ATSYS
Resolution
On machine where Web Server is running do the following:
Go to $AUTOSYS/bin
Run ./safex -munge <EiamAdmin_Password> and note the output. (Sub in the actual password for the EiamAdmin user in EEM)
Go to $AUTOUSER
Open eiam.ws.config and look for these lines…
<Authentication type="password">
<!-- input for password based authentication -->
<UserAuth>
<Username>EiamAdmin</Username>
<Password>JSQXHREEHAMC</Password>
</UserAuth>
<!-- -->
Make sure the value in the <Password>XXXXXXX</Password> tag matches the output from the safex -munge command. If they do not, edit the value in the eiam.ws.config file to match the safex command output and then restart the Web Server.
There have been cases where an upgrade changes the munged password entry in the eiam.ws.config file to a wrong value. When that happens, all user authorizations start failing because the Web Server can no longer access EEM.
It is not visible in the normal Web Services logs, EEM client tracing would need to be enabled to see this.
Go to $AUTOSYS/bin
Run ./safex -munge <EiamAdmin_Password> and note the output. (Sub in the actual password for the EiamAdmin user in EEM)
Go to $AUTOUSER
Open eiam.ws.config and look for these lines…
<Authentication type="password">
<!-- input for password based authentication -->
<UserAuth>
<Username>EiamAdmin</Username>
<Password>JSQXHREEHAMC</Password>
</UserAuth>
<!-- -->
Make sure the value in the <Password>XXXXXXX</Password> tag matches the output from the safex -munge command. If they do not, edit the value in the eiam.ws.config file to match the safex command output and then restart the Web Server.
There have been cases where an upgrade changes the munged password entry in the eiam.ws.config file to a wrong value. When that happens, all user authorizations start failing because the Web Server can no longer access EEM.
It is not visible in the normal Web Services logs, EEM client tracing would need to be enabled to see this.
Feedback
Yes
No
Powered by
