Deployment of cabi probe fails on Windows 2019 robot with Access denied for user error

Article ID: 258037

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Deploying the cabi probe to a Windows 2019 robot deploys wasp and cabi, but the installation fails.

Background:

  • Root access was used for the mysql database during the initial UIM installation, which was performed with the help of the customer's DBA.
  • Note that the cabi probe installation is on another machine/IP address.
  • The cabi probe will not start and throws: Controller: Probe 'cabi' (command = <startup java>) returns no-restart code (42). In the cabi.log:

[Thread-0, cabi]      [exec] [echo] Validating administrative database connection at jdbc:mysql://xxxxxx:3306/mysql?allowPublicKeyRetrieval=true. Phase: [test]
[Thread-0, cabi]      [exec] [advanced-sql] Failed to connect: Could not connect to address=(host=xxxxx)(port=3306)(type=master) : Access denied for user '<username>'@'%' to database 'mysql'

and

[Thread-0, cabi]      [exec]      [echo]   Connection failed:
[Thread-0, cabi]      [exec]      [echo]   SQLState: 42000
[Thread-0, cabi]      [exec]      [echo]   Vendor specific error code: 1044
[Thread-0, cabi]      [exec]      [echo]   Message: [Could not connect to address=(host=xxxxxxx)(port=3306)(type=master) : Access denied for user '<username>'@'%' to database 'mysql']
[Thread-0, cabi]      [exec] 
[Thread-0, cabi]      [exec] BUILD FAILED

Environment

  • Release: UIM 20.4
  • DB: MySQL Community Server (GPL) 5.7.36
  • cabi 7.5.0, 8.0

Cause

  • table access/DB privileges for the mysql database
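
How to read this log signature, as an added example that is not part of the original article or of UIM: MySQL error 1044 (SQLState 42000) means the account logged in but has no privilege on the named schema, whereas 1045 would mean the login itself was rejected. The account `uim_svc`, the host `db.example.internal` and the function `triage` are constructed for illustration.

```python
import re

# MySQL server error codes behind "Access denied" messages:
#   1044 ER_DBACCESS_DENIED_ERROR: login accepted, no privilege on the schema
#   1045 ER_ACCESS_DENIED_ERROR:   login itself rejected
MEANING = {
    1044: "authenticated, but no privilege on the named schema",
    1045: "authentication rejected (credentials or host)",
}
DENIED = re.compile(
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
    r"(?: to database '(?P<db>[^']*)')?"
)
VENDOR_CODE = re.compile(r"Vendor specific error code:\s*(\d+)")

# Constructed sample in the article's cabi.log format; account and host are made up.
SAMPLE = """\
[Thread-0, cabi]      [exec] [advanced-sql] Failed to connect: Could not connect to \
address=(host=db.example.internal)(port=3306)(type=master) : \
Access denied for user 'uim_svc'@'%' to database 'mysql'
[Thread-0, cabi]      [exec]      [echo]   SQLState: 42000
[Thread-0, cabi]      [exec]      [echo]   Vendor specific error code: 1044
[Thread-0, cabi]      [exec] BUILD FAILED
"""


def triage(log_text):
    """Return one finding per distinct denied (user, host, schema) in the log."""
    logged_codes = {int(c) for c in VENDOR_CODE.findall(log_text)}
    findings, seen = [], set()
    for m in DENIED.finditer(log_text):
        key = (m["user"], m["host"], m["db"])
        if key in seen:
            continue
        seen.add(key)
        user, host, schema = key
        # The "to database" form of the message is the 1044 case.
        code = 1044 if schema else 1045
        findings.append({
            "account": f"'{user}'@'{host}'",
            "schema": schema,
            "code": code,
            "confirmed": code in logged_codes,   # vendor code also seen in the log
            "meaning": MEANING[code],
            "wildcard_host": host == "%",        # account matches any client host
            "check": f"SHOW GRANTS FOR '{user}'@'{host}';",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A 1044 finding points at missing schema grants rather than a wrong password, so the output of the `check` statement is what to compare against the access the installer needs.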

Resolution

Root cause of the issue: the user account did not have access to the mysql database, only the UIM DB.

UIM needs access to the mysql DB because:

  1. The users table needs to be accessed in the mysql DB (mysql.user table).
  2. Installation requires enough access to create stored procedures.
  3. data_engine administration requires sufficient access to drop partitions (the mysql user needs access to DROP partitions as well).

It is NOT currently documented in the UIM Techdocs that you need the DB administrator account/user to install the cabi probe. This is in the process of being updated.

Requiring sys admin-type access to the mysql database represents a security issue for some customers.

  1. We had to run the following GRANT statement:

    GRANT ALL PRIVILEGES ON mysql.* to '<username>'@'%' identified by '<password>';

    flush privileges;

  2. Deactivate cabi
  3. Activate cabi

Then the cabi installation proceeded without any further failures and as a result, the wasp installation completed.