No user is able to access CA Service Catalog.  Other applications connecting to EEM may remain accessible. Backend LDAP configuration is fine, and users are able to login to EEM directly.

view.log shows the following error:

ERROR [http-nio-8080-exec-4] [ContactHelper] validateDomain() - unexpected error:EE_SPONSORERROR iSponsor Error
ERROR [http-nio-8080-exec-4] [CEIAMAuthenticate]  Exception in Authenticating [Authenticate Error: Authentication Failed]
com.ca.eiam.SafeException: EE_SPONSORERROR iSponsor Error
com.ca.eiam.SafeException: EE_SPONSORERROR iSponsor Error
    at com.ca.eiam.SafeContext.authenticateWithCertificate(SafeContext.java:1937) ~[safe.jar:?]

Other variations of the above error include

ERROR [https-jsse-nio-443-exec-21] [CEIAMAuthenticate]  Exception in Authenticating [Authenticate Error: Authentication Failed, Identity Attempted: null]
com.ca.eiam.SafeException: EE_AUTHFAILED Authentication Failed
com.ca.eiam.SafeException: EE_AUTHFAILED Authentication Failed
    at com.ca.eiam.SafeContext.authenticateWithCertificate(SafeContext.java:1961) ~[safe.jar:?]

ERROR [https-jsse-nio-443-exec-17] [EiamPermission] retrieveAclPolicies - Error...
com.ca.eiam.SafeException: EE_AUTHFAILED Authentication Failed
    at com.ca.eiam.SafeContext.authenticateWithCertificate(SafeContext.java:1961) ~[safe.jar:?]

CA Service Catalog 17.3 and 17.4

Multiple possible causes:

1. If there was an upgrade, there was a problem with the EEM/Catalog integration.

2. There was an incomplete or incorrect configuration to EEM from Catalog

3. There was a manual change in the Catalog configuration files or some external application deleted or made a change to the configuration files, etc.  This includes Windows updates

There are two options:

Option 1:

1. Navigate to the C:\Program Files\CA\Service Catalog folder and back up the USMcertfile.pem and USMcertfile.key files; move these two files away a separate folder)

2.  In an admin command prompt, navigate to the C:\Program Files\CA\Service Catalog\bin\safex and run

safex.exe -sdkconfig "C:\Program Files\CA\Service Catalog\eiam.config" -h <eem-host> -u eiamadmin -p <password> -f "C:\Program Files\CA\Service Catalog\scripts\EIAM\issueCertificate.xml"

3. If necessary, run the Catalog setup utility and reconfigure the connection to EEM. (If EEM is a cluster configuration, ensure on all Service Catalog servers that the EEM host name is specified with both EEM cluster servers, separated by a comma.  For example, "EEMhost1,EEMhost2")

Option 2:  (Please take full server backups prior to trying this as this is a very aggressive approach)

Login to EEM and unregister the Service Catalog application from EEM.

Then run the Catalog setup utility and reconfigure the connection to EEM.

Refer to the section "Reconfigure CA EEM" (do not try the manual steps, just the steps using the setup utility to reconfigure EEM)

For any other Catalog nodes and xFlow, copy the USMcertfile.pem and USMcertfile.key files that are generated into their install paths

Catalog install path:  C:\Program Files\CA\Service Catalog

xFlow install path:  C:\Program Files\CA\xFlow