
Notification Mail not going from ITAM


Article ID: 187867


Products

CA IT Asset Manager
CA IT Asset Manager Asset Portfolio Management
CA Software Asset Manager (CA SAM)
ASSET PORTFOLIO MGMT- SERVER

Issue/Introduction

ITAM notifications sent through ITPAM fail: no email notification is sent.

Excerpt from the event service log showing the errors:

2019-11-29 06:27:22,131 UTC [6532] INFO  CA.Applications.EventService.EventService - Processing events 1 for the provider

2019-11-29 06:27:22,147 UTC [6532] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - Error Retrieving Start Request forms:Notification without ACK

2019-11-29 06:27:22,147 UTC [6532] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProvider - Error retrieving ITPAM process='Notification without ACK' path='/ITAM/'

2019-11-29 06:27:22,147 UTC [6532] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProvider - Error Retrieving Start Request forms:

2019-11-29 06:27:22,803 UTC [7568] INFO  CA.Applications.EventService.EventService - ContactThreadStarted

 

The actual issue, found using the ITAM event service debug binary (CA.Applications.WorkFlowProviders.ITPAM.dll):

INFO  CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - acsk-before GetParams()-exception

2020-03-16 06:09:24,690 UTC [2996] INFO  CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - acsk InnerException:

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)

   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.ConnectStream.WriteHeaders(Boolean async)

2020-03-16 06:09:24,702 UTC [2996] INFO  CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - acsk Message info:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

2020-03-16 06:09:24,702 UTC [2996] DEBUG CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - acsk InnerException debug:

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)

   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.ConnectStream.WriteHeaders(Boolean async)

2020-03-16 06:09:24,703 UTC [2996] DEBUG CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - acsk Message info debug:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

2020-03-16 06:09:24,704 UTC [2996] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProcess - Error Retrieving Start Request forms:Notification without ACK

2020-03-16 06:09:24,704 UTC [2996] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProvider - Error retrieving ITPAM process='Notification without ACK' path='/ITAM/'

2020-03-16 06:09:24,704 UTC [2996] ERROR CA.Applications.WorkFlowProviders.ITPAM.ItpamProvider - Error Retrieving Start Request forms:

2020-03-16 06:09:24,710 UTC [2996] ERROR CA.Common.Utilities.Event.EventServiceFailureNotifier - Unable to Send Email: SMTP Email Settings are Incomplete, Please set required values for SMTPServer details, From: and To:

2020-03-16 06:09:52,230 UTC [10040] INFO  CA.Applications.EventService.EventService - ContactThreadStarted

 

Cause

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

These errors occur because PAM was configured with a certificate that is self-signed (the ITAM machine does not recognize the issuer of the certificate) and that is not issued to the ITPAM machine: the 'Issued to' field in the certificate says CA, whereas it should contain the actual name (the complete FQDN of the PAM server used to access ITPAM).

Environment

Release : 17.1

Component : CA Asset Portfolio Management

Resolution

To resolve this problem, we created a new self-signed certificate issued to the ITPAM machine name (FQDN) and reconfigured ITPAM and ITAM with that certificate.

The steps are as follows:

1:-On the ITPAM machine, launch a CMD prompt as administrator.

2:-Copy the command below and run it to create a new keystore.

IMPORTANT: When creating the certificate, keytool asks "What is your first and last name?". This is where the ITPAM machine name should be typed. In your environment we provided the ITPAM machine name (FQDN) for all of the requested information.


"C:\Program Files\Java\jdk1.8.0_181\bin\keytool.exe" -genkey -alias "ITPAM" -keyalg RSA -keystore "d:\Program Files\CA\PAM\server\c2o\.config\itpamcustomV1.keystore"

 

3:-Once the certificate is created, go to "D:/Program Files/CA/PAM/server/c2o/.config/", open the "Oasisconfig.Properties" file in Notepad, and change "itpam.web.keystorepath" to point to "itpamcustomV1.keystore", i.e.:

#itpam.web.keystorepath=D:/Program Files/CA/PAM/server/c2o/.config/c2okeystore

itpam.web.keystorepath=D:/Program Files/CA/PAM/server/c2o/.config/itpamcustomV1.keystore

 

4:-Restart the ITPAM service.

5:-Go to the ITAM machine.

6:-Launch Internet Explorer as an administrator user.

7:-Access the PAM URL (FQDN) from the ITAM server.

8:-Accept the Certificate Error warning, click on the padlock near the address bar, click View Certificate, click Install Certificate.

9:-Select 'Local Machine', click Next, select 'Place certificates in the following store', click Browse, select 'Trusted Root Certificate Authorities', click OK, Next, Finish.

Repeat steps 6, 7 and 8.

10:-Select 'Local Computer', click Next, select 'Place certificates in the following store', click Browse, select 'Trusted Root Certificate Authorities', click OK, Next, Finish.

11:-The ITPAM certificate should now be visible in 'Trusted Root Certificate Authorities' of both 'Local Machine' and 'Local Computer'.

12:-Log in to ITAM, go to the Event Service configuration and provide the FQDN of the ITPAM server.

13:-Execute the iisreset command on the ITAM machine and restart the Event Service.

 

Verified the change event for location description field.
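
To confirm from the ITAM server that the new certificate passes the same .NET validation that raised the AuthenticationException, the following PowerShell check reports separately whether the name matches and whether the issuer is trusted. It is an added example, not part of the original article or the product; the host name pam01.example.local, port 8443 and the use of TLS 1.2 are assumptions to replace with your own values.

```powershell
# Added diagnostic example, not from the original article. Run on the ITAM server.
# Assumption: the host name and port in the last line are placeholders.
function Test-PamCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 8443   # placeholder; use your PAM HTTPS port
    )
    $state = @{ Errors = $null; Cert = $null; Failure = $null }
    # Record what .NET reports and accept only a fully valid certificate,
    # the same decision that produces the AuthenticationException in the log.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        if ($certificate) {
            $state.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # Assumption: the PAM server accepts TLS 1.2. No application data is sent.
        try { $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false) }
        catch { $state.Failure = $_.Exception.GetBaseException().Message }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    if (-not $state.Cert) { throw "No certificate received from ${HostName}:${Port}. $($state.Failure)" }
    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        Host           = $HostName
        Subject        = $state.Cert.Subject      # should carry the PAM FQDN
        Issuer         = $state.Cert.Issuer
        NotAfter       = $state.Cert.NotAfter
        SelfSigned     = $state.Cert.Subject -eq $state.Cert.Issuer
        NameMismatch   = $state.Errors.HasFlag($flags::RemoteCertificateNameMismatch)
        UntrustedChain = $state.Errors.HasFlag($flags::RemoteCertificateChainErrors)
        Trusted        = $state.Errors -eq $flags::None
        Failure        = $state.Failure
    }
}

Test-PamCertificate -HostName 'pam01.example.local' -Port 8443
```

NameMismatch corresponds to the 'Issued to' problem described under Cause, and UntrustedChain to the issuer not being in 'Trusted Root Certificate Authorities'. NotAfter is included because keytool issues a certificate valid for 90 days when no -validity option is given, so the same error can return when it expires.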