EiamAdmin Account LOCKED and Permissions errors in CA-Wcc.log
search cancel

EiamAdmin Account LOCKED and Permissions errors in CA-Wcc.log

book

Article ID: 253495

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

After recent eiamadmin password changes it was noticed that no jobs appeared in WCC's "monitor" page.

The following was seen in the CA-Wcc.log

INFO   | jvm 1    | 2022/11/01 12:15:54 |      765 | @configservices <127.0.0.1 XXXXXXXX ~A7E> [] ERROR #AccessFacade                       # Cannot check permission for SARResourceClass=as-job, ResourceName=<AUTOSERV>.<jobname>, Action=read

INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | @tomcat-resource <127.0.0.1 XXXXXXXX ~A7E> [] ERROR #EmbIAMAccessProvider               # EmbIAMAccessProvider - SafeContextFactory.getSafeContext failed for config: AccessConfig[HostName=host1234,host5678, Locale=en_US, ServerEnabled=true, AppName=WorkloadAutomationAE, AppCertPath=/appdata/CA/WorkloadAutomationAE/wcc/data/config/autosysCertificate.pem, ServerAdminID=EiamAdmin, EventLogPath=null, PersistentCachePath=null, RetryConnectInterval=30, RetryPingInterval=30, FullCacheUpdateEnabled=false, CacheUpdateInterval=30], SafeException.getMessage = EE_PW_USERLOCKED Account locked
INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | com.ca.eiam.SafePasswordException: EE_PW_USERLOCKED Account locked

Environment

Release : 12.0

Resolution

WCC uses and checks wcc.key and wcc.pem files if they are supplied during change_eem and wcc_config for its normal operations regarding WCC EEM policies.

WCC uses the eiamadmin id's password to get the WorkloadAutomationAE policies during normal operations.

If the eiamadmin password contains special characters, the password may need to be enclosed in double quotes or have the special characters escaped using a backslash when entered via wcc_config or change_eem.

A restart of WCC is required to consume the new details.

NOTE :

Make sure if eiamadmin's password changes in EEM to update ALL WCC to reflect the new password and regenerate certificates (wcc.key and wcc.pem)

For AutoSys use autosys_secure to update the EEM details.  This is only needed on one host per $AUTOSERV that is connected to the EEM where the password is changing.