Bad Credentials Displays When Accessing the Primary UAR Server from a Secondary Server


Article ID: 38280


Updated On:

Products

SECURITY MISC CODES SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Summary:  

You can access and work successfully in the UAR primary server. 

But when you are logged in to a secondary UAR server, you cannot access the main server. You receive the message: ‘Error: Bad Credentials’.

This condition is caused by the primary UAR server becoming untrusted by the secondary server(s).

To resolve this condition, you must re-trust the primary UAR server.  

 

Instructions: 

 

1) Disable FIPS mode (if you are running UAR in the FIPS mode).  FIPS mode needs to be disabled in order to run the procedure.  You will re-enable it after the changes are completed. 

 

The order of disabling and enabling is IMPORTANT.  Non-FIPS machines cannot communicate with FIPS servers. 

 

As root in the $IGW_LOC directory (opt/CA/SharedComponents), run the following on the primary server first. 

 

sh ChangeMode.sh FIPS_OFF

 

Then do the same on the secondary server. 

 

 

2) Stop iGateway on the secondary UAR server. As the root user, run:

 

./S99igateway stop  (Note the dot and slash at the beginning of this command)

 

3) Back up the iControl.conf file in the iTechnology directory ($IGW_LOC).

 

- Make sure the extension is not .conf

 

4) vi (edit) the iControl.conf file and remove the entire tag for <TrustedKey>

 

5) Start iGateway on the secondary server

 

./S99igateway start  (Note the dot and slash at the beginning of this command)

 

6) Run the command

 

./authtool -a <Primary Server> -nologin  (Note the dot and slash at the beginning of this command)

 

 

 

7) Verify that the <TrustedKey> tag has been added to the iControl.conf file

 

 

 

8) Stop iGateway (./S99igateway stop) and copy the <TrustedRoot> tag of the iControl.conf from the Primary server.  You can have two trusted root tags in the same file. 

 

 

 

9) Start iGateway on the Secondary Server

 

 

 

10) If you were running in FIPS mode prior to this change, enable FIPS mode on the Secondary Server

 

sh ChangeMode.sh FIPS_ON

 

 

 

11) If you were running in FIPS mode prior to this change, enable FIPS mode on the Primary Server  

 

sh ChangeMode.sh FIPS_ON
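Steps 3, 4, 7 and 8 can be scripted so that the backup, the tag removal and the checks are repeatable. The following is an added example, not vendor code: the function names and the sample file are constructed, and it assumes the <TrustedKey> and </TrustedKey> tags each sit on their own line (or the whole element fits on one line).

```shell
# Added example (not vendor code). Assumes each <TrustedKey> / </TrustedKey>
# tag sits on a line of its own, or the whole element fits on one line.

# Step 3: back up under a name that does not end in .conf; prints the name.
backup_conf() {
    bak="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$bak" && printf '%s\n' "$bak"
}

# Step 4: delete every line from <TrustedKey> through </TrustedKey>.
# Writing back with cat keeps the original owner and permissions.
remove_trusted_key() {
    tmp="$1.tmp.$$"
    awk '/<TrustedKey>/   { skip = 1 }
         !skip            { print }
         /<\/TrustedKey>/ { skip = 0 }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Steps 7 and 8: count the lines that open a given tag (prints 0 if absent).
count_tag() {
    grep -c "<$2>" "$1" || true
}

# Constructed sample, not a real iControl.conf; values are placeholders.
make_sample_conf() {
    cat > "$1" <<'EOF'
<SampleConfig>
  <TrustedKey>
    CONSTRUCTED-PLACEHOLDER-KEY
  </TrustedKey>
  <TrustedRoot>CONSTRUCTED-PLACEHOLDER-ROOT</TrustedRoot>
</SampleConfig>
EOF
}

# Demo on a throwaway copy: run the script with the argument "demo".
demo() {
    dir=$(mktemp -d) && conf="$dir/iControl.conf" && make_sample_conf "$conf"
    echo "backup: $(backup_conf "$conf")"
    echo "TrustedKey before: $(count_tag "$conf" TrustedKey)"
    remove_trusted_key "$conf"
    echo "TrustedKey after: $(count_tag "$conf" TrustedKey)"
    echo "TrustedRoot after: $(count_tag "$conf" TrustedRoot)"
    rm -rf "$dir"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

On the secondary server, call backup_conf and remove_trusted_key with the path to iControl.conf only while iGateway is stopped (step 2). After step 6, count_tag should report 1 for TrustedKey, and after step 8 it reports how many TrustedRoot tags the file holds.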

 

 

 

Environment

Release: ETRDIR10600-12.6-Directory
Component: