APM services will not start after configuring Asset Portfolio Management with SSL/HTTPS


Article ID: 17909


Updated On:


CA Automation Suite for Data Centers - Configuration Automation
CA Client Automation - Asset Management
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Remote Control
CA Client Automation - Asset Intelligence
CA Client Automation - Desktop Migration Manager
CA Client Automation - Patch Manager
CA IT Asset Manager
CA Software Asset Manager (CA SAM)
ASSET PORTFOLIO MGMT- SERVER
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager


The following CA Asset Portfolio Management services may fail to start due to SSL certificate issues:

Data Importer Engine
Event Service
HW Reconciliation Engine
LDAP Import Service
Registration Service

The following error appears in the service log file:

INFO CA.Applications.DataImporterEngine.ImportServiceManager - ..Initializing Web Server [https://<APP-SERVER-NAME>:443/ITAMService/Service.asmx] access for Import Service

ERROR CA.Applications.DataImporterEngine.ImportServiceManager - An error occurred while accessing the Web Server:System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.


IT Asset Manager 17.3.0 and higher


This error can have the following causes:

1. The certificate was not issued by a trusted Certification Authority.
2. The certificate was issued to a name other than the Application Server hostname.


First make sure the certificate is not expired or revoked.
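
To tell which of the two causes above applies, the following added example (not CA's code; `Test-ItamServiceCertificate` is a hypothetical helper name) opens a TLS connection to the Application Server with .NET's `SslStream` and reports the chain and name-mismatch results of .NET certificate validation. It assumes the endpoint listens on port 443 and accepts TLS 1.2.

```powershell
# Added example. Test-ItamServiceCertificate is a hypothetical helper name.
function Test-ItamServiceCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # name APM uses for the Application Server
        [int] $Port = 443
    )
    $state = @{ PolicyErrors = [System.Net.Security.SslPolicyErrors]::None; ChainStatus = @() }
    # Record what .NET validation reports, then accept so the handshake completes.
    # Diagnostic use only: nothing is sent over the connection after the handshake.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $policyErrors)
        $state.PolicyErrors = $policyErrors
        if ($chain) { $state.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) }
        $true
    }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # Revocation checking is off here; check revocation separately.
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        HostNameTested = $HostName
        Subject        = $cert.Subject
        SubjectAltName = if ($san) { $san.Format($false) } else { '' }
        Issuer         = $cert.Issuer
        NotAfter       = $cert.NotAfter
        Expired        = (Get-Date) -gt $cert.NotAfter
        # Cause 1 on this page: chain does not end in a trusted CA (see ChainStatus for detail)
        ChainErrors    = $state.PolicyErrors.HasFlag($flags::RemoteCertificateChainErrors)
        ChainStatus    = ($state.ChainStatus -join ', ')
        # Cause 2 on this page: certificate issued to a different name than $HostName
        NameMismatch   = $state.PolicyErrors.HasFlag($flags::RemoteCertificateNameMismatch)
    }
}

# Replace the placeholder with the Application Server name configured in APM.
# Test-ItamServiceCertificate -HostName '<APP-SERVER-NAME>' | Format-List
```

Run it on the server that hosts the failing service. Trust is evaluated against the certificate stores visible to the account running the script, which can differ from those of the service account.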

Solution 1
Open the certificate assigned to the ITAMService site (.cer file) and click Install Certificate. Follow the wizard and select 'Place all certificates in the following store', click Browse and select 'Trusted Root Certification Authorities'. Restart the affected service and make sure that the SSL error is not logged.
Solution 2
If the certificate was issued to an address other than the Application Service address configured in APM, you will need to manually update the SQL entries to reflect this. First make sure you can access the Web Service address using the following URL and that no SSL warning is displayed:
Once this has been verified and a full, valid MDB backup has been taken, you can proceed with the following update on the MDB:

USE mdb;
-- Set the Application Server name to the name the certificate was issued to
UPDATE al_cdb_configurationparameters SET configvalue = '<issued-cert-name>'
WHERE configkey = 'ComponentServerName' AND componentkey = 'Application_Server';

Issue the command 'iisreset' on the Web and Application Servers and attempt to start the affected services.

If the above does not solve the problem, please raise a ticket with CA Support.