Error: crypt/encrypt failure, Possible Cause: Key Mismatch

book

Article ID: 207330

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

The WCC ECLI command times out with the following message: -

CAUAJM_E_10527 Timed out waiting for response from the CA WAAE Application Server: [AppServer:9000]
CAUAJM_E_50033 Error initializing tx subsystem:  CAUAJM_E_10062 Failed to get initial configuration from CA WAAE Application Server(s).

The application server log $AUTOUSER/out/as_server.out has the following error:

[01/27/2021 12:00:06]      CAUAJM_I_30032 Client [CA WAAE API JNI:16795][13][wccserver:50138:10.21.11.115] [0xb1544e70][01/27/2021 12:00:06.5710][1:kishore<@appserver1,appserver2> 1] API ID [299] execution completed. Total time: 0.023 seconds.
[01/27/2021 12:00:10]      CAUAJM_E_00200 Encryption/Decryption Failed. Module: etpki_crypto, Error: crypt/encrypt failure, Possible Cause: Key Mismatch

Validated the following and ensured the encryption type and the key are appropriate.

The CAPKI on WCC and Application server hosts are on the same release:

# cat /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/.installdb
CurrentVersion 5.2.5
WAAE1136 5.2.5
iGateway 5.2.2

WCC server: 

# cat /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/.installdb
WAAE1136 5.2.5

Autosys client host was able to resolve Autosys application server hostname and FQDN.
Telnet to the Autosys application server on port 7163 worked. 

curl -v "telnet://<application_server>:7163"

The Autosys commands were executed as autosys user, it worked without errors.
WAAE application server validated successfully from WCC configuration.

Cause

On the WAAE application server host, the file "/opt/CA/WorkloadAutomationAE/autouser.$AUTOSERV/cryptkey.txt" was missing read permission for group and others  (640) which caused the issue. 

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

Add the missing read permission for the group and other on the file " /opt/CA/WorkloadAutomationAE/autouser.$AUTOSERV/cryptkey.txt"

$ chmod 644 /opt/CA/WorkloadAutomationAE/autouser.$AUTOSERV/cryptkey.txt

 

Additional Information

If the WAAE application server validation fails in the WCC configuration tab.

https://knowledge.broadcom.com/external/article/45033/cauajme00200-encryptiondecryption-failed.html