A customer with no access to AWI wants to force a "Reset Agent Public Key" on a version 21 Agent that is unable to start.
Version 21
This operation is only necessary if the agent's certificate has been corrupted or deleted. In this case the affected agent will not start and the logs will contain messages similar to the following:
==========================================================================
:\uc4\POW210\Agents\WIN2105\bin\security\POW210_WIN2105.cert', reason 'No such file or directory (system library, fopen)'.
20230829/134252.015 - U02000378 Loading certificates from directory: 'C:\uc4\POW210\Cert'.
20230829/134252.015 - U02000377 Certificate loaded from file 'C:\uc4\POW210\Cert\automicCA.crt'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\automicCA.key', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\automicCA.srl', reason 'error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\automicssl.cnf', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.015 - U02000377 Certificate loaded from file 'C:\uc4\POW210\Cert\MyServer.crt'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\MyServer.csr', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\MyServer.key', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\MyServer_keystore', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\POX210', reason '5 - Access is denied. >libcpprnt/src/FileChannel.cpp#sys::FileChannel::open:241<'.
20230829/134252.030 - U02002039 Successfully established connection with '*SERVER' (socket handle = '1').
20230829/134252.030 - U02000336 Connection '*SERVER' (socket handle = '1') renamed to 'POW210#CP001'.
20230829/134252.030 - U02000004 Connection to Server 'POW210#CP001' successfully created.
20230829/134252.030 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Agents\WIN2105\bin\security\POW210_WIN2105.cert', reason '2 - The system cannot find the file specified. >libcpprnt/src/FileChannel.cpp#sys::FileChannel::open:241<'.
20230829/134252.030 - U02000341 Private key loaded from file 'C:\uc4\POW210\Agents\WIN2105\bin\security\POW210_WIN2105.pem'.
20230829/134252.077 - U02000297 Agent doesn't have valid certificate, requesting new one from server.
20230829/134252.077 - U02000401 Received JCP server list: 'https://posth--win2k19k002:8443/'
20230829/134252.093 - U00029407 Public key mismatch in CSR request from Agent: 'POW210_WIN2105'
20230829/134252.093 - U02000302 Agent shutdown has been initiated with return code '29407'.
20230829/134252.093 - Waiting for File Transfer threads ...
20230829/134252.093 - U02000041 Shutdown Agent 'POW210_WIN2105'.
==========================================================================
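As an added example (not part of the original article and not vendor tooling), the Python check below scans an agent log for the sequence shown in the excerpt above: the agent's own .cert file cannot be loaded, a new certificate is requested, and the server answers with the public key mismatch followed by shutdown. The function name `triage` and the result field names are assumptions of this example; the sample lines are copied from the excerpt.

```python
import re

# Message IDs as they appear in the log excerpt above.
CERT_LOAD_FAILED = "U02000309"  # Unable to load Agent certificate file
CSR_REQUESTED = "U02000297"     # Agent requests a new certificate from the server
KEY_MISMATCH = "U00029407"      # Public key mismatch in CSR request
SHUTDOWN = "U02000302"          # Agent shutdown initiated with return code

LINE_RE = re.compile(r"^(\d{8}/\d{6}\.\d{3}) - (U\d{8}) (.*)$")

def triage(log_text):
    """Summarise the certificate-related start failure in an agent log."""
    out = {"agent": None, "mismatch_at": None, "return_code": None,
           "csr_requested": False, "unreadable_cert": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # lines without a message ID, e.g. "Waiting for ..."
        ts, msg_id, text = m.groups()
        if msg_id == CERT_LOAD_FAILED:
            path = re.search(r"file '([^']+)'", text)
            # The excerpt also shows U02000309 for other files; keep only *.cert.
            if path and path.group(1).lower().endswith(".cert"):
                out["unreadable_cert"].append(path.group(1))
        elif msg_id == CSR_REQUESTED:
            out["csr_requested"] = True
        elif msg_id == KEY_MISMATCH:
            agent = re.search(r"from Agent: '([^']+)'", text)
            out["agent"] = agent.group(1) if agent else None
            out["mismatch_at"] = ts
        elif msg_id == SHUTDOWN:
            rc = re.search(r"return code '(\d+)'", text)
            out["return_code"] = rc.group(1) if rc else None
    # Pattern from the excerpt: a new certificate is requested, then rejected.
    out["key_reset_indicated"] = out["csr_requested"] and out["mismatch_at"] is not None
    return out

# Sample input: lines copied from the excerpt above.
SAMPLE = r"""
20230829/134252.015 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Cert\MyServer.key', reason 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag'.
20230829/134252.030 - U02000309 Unable to load Agent certificate file 'C:\uc4\POW210\Agents\WIN2105\bin\security\POW210_WIN2105.cert', reason '2 - The system cannot find the file specified. >libcpprnt/src/FileChannel.cpp#sys::FileChannel::open:241<'.
20230829/134252.077 - U02000297 Agent doesn't have valid certificate, requesting new one from server.
20230829/134252.093 - U00029407 Public key mismatch in CSR request from Agent: 'POW210_WIN2105'
20230829/134252.093 - U02000302 Agent shutdown has been initiated with return code '29407'.
20230829/134252.093 - Waiting for File Transfer threads ...
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `agent` value it reports is the name to substitute for 'Name of the Agent' in the database statement further down.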
If AWI is not accessible, this operation can be done if direct access to the database is available. Otherwise, contacting the DBA will be necessary.
Proceed as follows:
1. Remove or rename the existing files in the folder configured in the agent's INI file under the parameter 'agentSecurityFolder'.
2. Connect to the database with the UC4 user and run the following statement (if the database is Oracle, append a 'commit' to validate the changes):
   DELETE FROM ohc WHERE ohc_oh_idnr IN (SELECT oh_idnr FROM oh WHERE oh_name = 'Name of the Agent');
3. Start the Agent.
If the operation was successful:
The Agent must remain active.
The folder named above must contain new certificates.
The table OHC must contain a new entry for the object ID of the affected agent.
Please keep in mind that these steps only apply to TLS agents. AS400 and Z/OS agents are non-TLS agents and are not covered by this article.