EEM - Reset Missing or Forgotten EiamAdmin Password in release 12.x


Article ID: 37739


Updated On:


SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Process Automation Base


The below document describes how to reset the EiamAdmin password if it is missing or forgotten, on Windows and non-Windows platforms.


Because the EiamAdmin user is defined to an internal datastore for EEM, and external to the application itself, it is necessary to reset this password in the case of a lost or forgotten password.


Embedded Entitlements Manager 12.x


Access to the itechpoz DSA is required, so the current security for this DSA needs to be modified and then have the itechpoz DSA restarted.

  • Open the file /opt/CA/SharedComponents/CADirectory/dxserver/config/access/itechpoz.dxc (C:\Program Files (x86)\CA\Directory\dxserver\config\access\itechpoz.dxc on Windows)
    • Change "set access-controls = false;"
  • Save this file
  • Open the file /opt/CA/SharedComponents/CADirectory/dxserver/config/settings/itechpoz.dxc (C:\Program Files (x86)\CA\Directory\dxserver\config\settings\itechpoz.dxc on Windows)
    • Change "set min-auth = none;"
  • Save this file
  • Open the file /opt/CA/SharedComponents/CADirectory/dxserver/config/knowledge/itechpoz.dxc (C:\Program Files (x86)\CA\Directory\dxserver\config\knowledge\itechpoz.dxc on Windows)
    item 2, highlighted below in green, is required on non-Windows EEM servers}
    • Change "set auth-levels = anonymous"
    • Change "address = ipv4 "<IP address>" port 509, ipv4 "<hostname>" port 509"
  • Save this file
  • On non-Windows platforms, reinitialize itechpoz DSA from command line using su - dsa -c "dxserver init all"
    On Windows Platforms, restart the "CA iTechnology iGateway x.x" service and CA Directory Services.
  • Install and run any ldap browser on your EEM server. We normally recommend JXplorer 3.2.2 or higher (available
    • Connect to the itechpoz DSA using your EEM server information.
    • Hostname is the fully qualified domain name for the EEM server
    • Port is 509 
    • Base DN is  cn=itechpoz
    • Security is Anonymous, no username or password

    • Save the template for furture use
    • Once connected, expand Entities / Admins  and select EiamAdmin from the tree.
    • On the right, select Table Editor view
    • Double click on the userPassword value and enter in the new password. Re-enter to confirm
    • Click OK, then click Submit
  • You can now check that the password in the EEM UI for the EiamAdmin account is working.