Agent install error - Unable to read raw key material

book

Article ID: 192647

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Workload Automation AE

Issue/Introduction

We are engineering our package for the new autosys agent 11.5.  We have 3 issues.

1.  We want to make sure we have the proper cryptkey cypher,  Right now the installation error is:
06/02/2020 13:55:41.807-0400 1 main.MainThread.CybTcpipControllerPlugin.initialize[:313] - cybermation.library.security.CybSecurityException: Unable to read raw key material
How should we handle this error?

2:  The agent is creating autosys account on the agent machine, we don't want that.  How can we disable it?

3.  Is it possible to use the password utility in the agent to reset the autosys_secure password for an account?  This will allow the users to administer their own passwords in the key vault.


Environment

Release : 11.3.6

Component : CA Workload Automation System Agent

Resolution

1 - most clients who contact support are just looking for a quick fix and to move on. Most of those clients are using default settings and so the quickest / easiest thing to get them going (to move past encryption issues) is to copy (ftp in binary mode) the cryptkey.txt from a working host which is configured in a similar manner (same encryption) and restart the agent. Often they are not interested in what went wrong initially or reinstalling or learning how to use the as_config utility to generate a new crypkey.txt file.

If you want to try to deteremine what went wrong during your install please provide the CA*install*.log file(s) so we may see what options it ran with and if any errors occurred during the cyptkey.txt phase of the install.
Also provide results from "ls -alR" from the agent directory so we can see what files are in place now. If you have anything in the agent's nohup* files please provide them as well.


2 - If you look at the unix_install.properties these are the settings that
control if the agent is to create a user/group and what it is.

#################################################################
# Onwer and Group Settings #
# #
# Specify the owner and group accounts that will be assigned to #
# the installed files/directories. #
# #
# SET_OWNER_ACCOUNT = Owner account #
# SET_GROUP_ACCOUNT = Group #
# Defaults for autosys mode are both "autosys". #
# Defaults for non-autosys mode are the current user/group #
# CREATE_OWNER_AND_GROUP_ACCOUNTS=true or false(Default is true)#
# If CREATE_OWNER_AND_GROUP_ACCOUNTS = true then the owner #
# and group accounts are created. #
#===============================================================#

#SET_OWNER_ACCOUNT=autosys
#SET_GROUP_ACCOUNT=autosys
#CREATE_OWNER_AND_GROUP_ACCOUNTS=true

Based on your comments you would want
CREATE_OWNER_AND_GROUP_ACCOUNTS=false
to avoid the users being created.

3 - The agent's password utility and AutoSys's autosys_secure do not encyrpt the passwords they are given in the same manner. As a result you cannot use the "password" utility to update "autosys_secure" password details.

There are some discussions on the message boards which might interest you.
There are many who would like to see enhancements in this area.
Please feel free to add your ideas too.
https://community.broadcom.com/participate/ideation-home/viewidea?IdeationKey=b422b10f-cbfd-42be-8c60-78d903b78787