search cancel

Deployment of cabi probe fails on Windows 2019 robot with Access denied for user error

book

Article ID: 258037

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Deploying the CABI probe to Windows 2019 robot deploys the wasp and cabi, but  installation fails.

Background:

- root access was used for the mysql database during the initial UIM installation which was performed with the help of the customer's DBA.
- Note that cabi probe installation is on another machine/IP_address

[Thread-0, cabi]      [exec] [echo] Validating administrative database connection at jdbc:mysql://v12345:3306/mysql?allowPublicKeyRetrieval=true. Phase: [test]
[Thread-0, cabi]      [exec] [advanced-sql] Failed to connect: Could not connect to address=(host=v12345)(port=3306)(type=master) : Access denied for user 'abcdef'@'%' to database 'mysql'

and

[Thread-0, cabi]      [exec]      [echo]   Connection failed:
[Thread-0, cabi]      [exec]      [echo]   SQLState: 42000
[Thread-0, cabi]      [exec]      [echo]   Vendor specific error code: 1044
[Thread-0, cabi]      [exec]      [echo]   Message: [Could not connect to address=(host=vxxxxxx)(port=3306)(type=master) : Access denied for user 'abcdef'@'%' to database 'mysql']
[Thread-0, cabi]      [exec] 
[Thread-0, cabi]      [exec] BUILD FAILED

Environment

  • Release: UIM 20.4
  • DB: MySQL Community Server (GPL) 5.7.36

Cause

- table access/DB privileges for the mysql database

Resolution

Root cause of the issue: abcdef does not have access to the mysql database, only the UIM DB.

UIM needs access to the mysql DB because:

a. the users table needs to be accessed in the mysql DB (mysql.user table)
b. installation requires enough access to create stored procedures
c. data_engine administration requires enough access to drop partitions (mysql user needs access to DROP partitions as well)
d. other/TBD

It is NOT currently documented in the UIM Techdocs, that you need the DB administrator account/user to install the cabi probe. This is in the process of being updated.

Requiring sys admin-type access to the mysql database represents a security issue for the customer.

1. We had to run the following GRANT statement:

GRANT ALL PRIVILEGES ON mysql.* to 'abcdef'@'%' identified by '<password>';
flush privileges;

2. Deactivate cabi

3. Activate cabi

Then the cabi installation proceeded without any further failures and as a result, the wasp install completed.

Powered by Wolken Software