After the installation of MTC-DBM, and with the installation and execution of ESM Microservices previously done, the login to the MTC-DBM UI fails with unsuccessful authentication errors:  An unknown message was returned from the ESM (ESMA0003:Unregistered)  d.s.s.s.RestAuthenticationFailureHandler : UiResponse(Some(SecurityResponse(false,null,LOGIN.ERRORS.UNKNOWN.MESSAGE (ESMA0003:Unregistered))),None,None,None)

Release : 20.0

Component : CA Detector for DB2 for z/OS

Incorrect keyring/certificate setup

ESM Microservice has flagged the 'xxxxxx' certificate as its server cert via the server.ssl.key-alias parameter from the ESMENV file. 

ESM Microservice requires that all client components register themselves with ESM Microservice via a unique certificate. 

Because you are specifying the same Keyring for both ESM Microservices and the Clients (eg, MTC-UI and PXMDS), and the clients have not specified a key-alias in their ENV files, they are trying to use the 'Default' certificate from the keyring which in this case is the server certificate for ESM Microservices (xxxxxx) . 

Recommendation (in this example for RACF) is to follow the documented prescription:

'Registering a Client Application for RACF' for further detail on how to register your client certificates with ESM Microservice.