MTC-DBM UI logon fails with 'Unsuccessful Authentication' errors

Article ID: 224490

Products

CA Detector for DB2 for z/OS

Issue/Introduction

After MTC-DBM is installed, with ESM Microservices already installed and running, the login to the MTC-DBM UI fails with unsuccessful authentication errors:

An unknown message was returned from the ESM (ESMA0003:Unregistered)

d.s.s.s.RestAuthenticationFailureHandler : UiResponse(Some(SecurityResponse(false,null,LOGIN.ERRORS.UNKNOWN.MESSAGE (ESMA0003:Unregistered))),None,None,None)

Cause

Incorrect keyring/certificate setup

Environment

Release : 20.0

Component : CA Detector for DB2 for z/OS

Resolution

ESM Microservice uses the 'mvszz02' certificate as its server certificate, as set by the server.ssl.key-alias parameter in the ESMENV file.

ESM Microservice requires that all client components register themselves with ESM Microservice via a unique certificate. 

Because the same keyring is specified for both ESM Microservices and the clients (e.g., MTC-UI and PXMDS), and the clients have not specified a key-alias in their ENV files, the clients try to use the 'Default' certificate from the keyring, which in this case is the server certificate for ESM Microservices (mvszz02).

The recommendation (in this example, for RACF) is to follow the documented procedure 'Registering a Client Application for RACF', which describes in further detail how to register your client certificates with ESM Microservice.
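The check below is an added example, not part of the original article and not the vendor's code: it parses RACDCERT LISTRING-style output and reports which certificate a client sharing the keyring would present when it sets no key-alias. The ring name, user IDs, CA label and client label in the sample are constructed; only 'mvszz02' comes from the article, and the fallback to the ring's default certificate is taken from the explanation above.

```python
import re

# Constructed sample of RACDCERT LISTRING output. Ring name, owner IDs and the
# CA/client labels are placeholders; only 'mvszz02' comes from the article.
SAMPLE_LISTRING = """\
Digital ring information for user ESMUSER:

  Ring:
       >ESMRING<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  ExampleCA                          CERTAUTH       CERTAUTH     NO
  mvszz02                            ID(ESMUSER)    PERSONAL     YES
  mtcui-client                       ID(MTCUSER)    PERSONAL     NO
"""

# A certificate row: label, owner (CERTAUTH, SITE or ID(user)), usage, default flag.
ROW = re.compile(r"^\s*(?P<label>\S.*?)\s{2,}(?P<owner>CERTAUTH|SITE|ID\(\S+\))\s+"
                 r"(?P<usage>\S+)\s+(?P<default>YES|NO)\s*$")

def parse_ring(listing):
    """Return [(label, owner, usage, is_default)] for each certificate row."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m["label"], m["owner"], m["usage"], m["default"] == "YES"))
    return rows

def check_client(listing, server_alias, client_alias=None):
    """Report which certificate a client on this ring would present.

    Assumption (from the article): with no key-alias, the client falls back
    to the ring's DEFAULT certificate.
    """
    rows = parse_ring(listing)
    labels = [r[0] for r in rows]
    default = next((r[0] for r in rows if r[3]), None)
    chosen = client_alias if client_alias else default
    if chosen is None:
        return "FAIL: no key-alias set and the ring has no default certificate"
    if chosen not in labels:
        return f"FAIL: certificate '{chosen}' is not connected to the ring"
    if chosen == server_alias:
        return f"FAIL: client would present the server certificate '{chosen}'"
    return f"OK: client presents its own certificate '{chosen}'"

if __name__ == "__main__":
    print(check_client(SAMPLE_LISTRING, "mvszz02"))
    print(check_client(SAMPLE_LISTRING, "mvszz02", "mtcui-client"))
```

An OK result only shows that the client selects a distinct certificate from the ring; that certificate must still be registered with ESM Microservice as described in the referenced procedure.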