EiamAdmin Account LOCKED and Permissions errors in ca-wcc.log


Article ID: 253495


CA Workload Automation AE


We recently changed the password for production's EiamAdmin account.

We regenerated the wcc key and pem files, put them in place, and restarted WCC.

But WCC's "monitor" page does not show any jobs.

We see the following in the logs.

# A lot of these.

INFO   | jvm 1    | 2022/11/01 12:15:54 |      765 | @configservices < A1093503 ~A7E> [] ERROR #AccessFacade                       # Cannot check permission for SARResourceClass=as-job, ResourceName=PR3.fs_sp_time_get_cpaf311_rpt, Action=read
INFO   | jvm 1    | 2022/11/01 12:15:54 |      765 | @configservices < A1093503 ~A7E> [] ERROR #AccessFacade                       # Cannot check permission for SARResourceClass=as-job, ResourceName=PR3.fs_sp_time_get_returned_check_file, Action=read

# and entries for the EiamAdmin account being locked

INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | @tomcat-resource < A1093503 ~A7E> [] ERROR #EmbIAMAccessProvider               # EmbIAMAccessProvider - SafeContextFactory.getSafeContext failed for config: AccessConfig[HostName=host1234,host5678, Locale=en_US, ServerEnabled=true, AppName=WorkloadAutomationAE, AppCertPath=/appdata/CA/WorkloadAutomationAE/wcc/data/config/autosysCertificate.pem, ServerAdminID=EiamAdmin, EventLogPath=null, PersistentCachePath=null, RetryConnectInterval=30, RetryPingInterval=30, FullCacheUpdateEnabled=false, CacheUpdateInterval=30], SafeException.getMessage = EE_PW_USERLOCKED Account locked
INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | EE_PW_USERLOCKED Account locked


Release : 12.0


WCC uses and checks the certs when they are supplied during change_eem and wcc_config, and also during its normal operations involving the WCC EEM policies.

If you specify eiamadmin's password and certs during your change_eem or wcc_config commands, the password is updated in WCC's configuration, but it is not tested or verified at that time.

WCC uses the eiamadmin id's password to get the WorkloadAutomationAE policies during normal operations.

In this client's case, the eiamadmin password contained special characters, and they had not enclosed the value in double quotes when they issued wcc_config or change_eem.

As a result, WCC stored an incomplete or incorrect password, which was not verified when it was stored.

When WCC later tried to use the password, it was wrong, so WCC repeatedly failed to log in to EEM, eventually locking the ID.

The client needed to rerun the wcc_config and/or change_eem command and supply the certs and password, enclosing the password in double quotes.
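To check a ca-wcc.log for this pattern, the EmbIAMAccessProvider lockout entry and the AccessFacade permission errors quoted above can be summarised together. This is an added example, not part of the original article or the product; the sample lines are constructed in the layout of the entries above, with placeholder host and job names, and the function name triage is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the ca-wcc.log layout quoted above (placeholder hosts and jobs).
SAMPLE_LOG = """\
INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | @tomcat-resource < A1 ~A7E> [] ERROR #EmbIAMAccessProvider               # EmbIAMAccessProvider - SafeContextFactory.getSafeContext failed for config: AccessConfig[HostName=hostA,hostB, Locale=en_US, ServerAdminID=EiamAdmin, RetryConnectInterval=30], SafeException.getMessage = EE_PW_USERLOCKED Account locked
INFO   | jvm 1    | 2022/11/01 12:15:49 |      760 | EE_PW_USERLOCKED Account locked
INFO   | jvm 1    | 2022/11/01 12:15:54 |      765 | @configservices < A1 ~A7E> [] ERROR #AccessFacade                       # Cannot check permission for SARResourceClass=as-job, ResourceName=PR3.job_one, Action=read
INFO   | jvm 1    | 2022/11/01 12:15:54 |      765 | @configservices < A1 ~A7E> [] ERROR #AccessFacade                       # Cannot check permission for SARResourceClass=as-job, ResourceName=PR3.job_two, Action=read
"""

# Wrapper timestamp column, e.g. "| 2022/11/01 12:15:49 |".
TS = re.compile(r"\|\s*(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*\|")
# Failed EEM context creation: which admin ID was used and which EEM error came back.
LOGIN_FAIL = re.compile(r"ServerAdminID=([^,\]]+).*SafeException\.getMessage = (EE_\w+)")
# Permission checks that could not be evaluated.
PERM = re.compile(r"#AccessFacade\s+# Cannot check permission for "
                  r"SARResourceClass=([^,]+), ResourceName=([^,]+), Action=(\w+)")

def triage(text):
    """Return the first EEM login failure and a tally of permission-check errors."""
    out = {"first_failure": None, "admin_id": None, "eem_error": None,
           "perm_failures": Counter(), "resources": set()}
    for line in text.splitlines():
        fail = LOGIN_FAIL.search(line)
        if fail:
            if out["first_failure"] is None:  # keep only the earliest occurrence
                ts = TS.search(line)
                out["first_failure"] = ts.group(1) if ts else None
                out["admin_id"], out["eem_error"] = fail.groups()
            continue
        perm = PERM.search(line)
        if perm:
            res_class, name, action = perm.groups()
            out["perm_failures"][(res_class, action)] += 1
            out["resources"].add(name)
    return out

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['admin_id']}: {r['eem_error']} first seen {r['first_failure']}")
    for (res_class, action), n in r["perm_failures"].items():
        print(f"{n} failed '{action}' checks on {res_class}")
```

An EE_PW_USERLOCKED entry for the ServerAdminID alongside the permission errors points at the stored WCC credential, which is the condition this article describes.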



