Unable to upgrade WCC to 24.1 due to EEM Connection Failure
search cancel

Unable to upgrade WCC to 24.1 due to EEM Connection Failure

book

Article ID: 433669

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

While attempting WCC upgrade to R24.1, the setup fails at the step prompting for the EiamAdmin credentials for the associated EEM, returning the following error:

[CAUAJM_E_112111] An internal error occurred while interacting with the CA EEM server.
EE_NOTALLOWED Operation not allowed

The EEM services are running, and EiamAdmin credentials hostname and configuration details have also been verified.

Cause

The installer log shows that during the install/upgrade process, a temporary cert is generated by EEM:

certificate: leave [retval : certificate]
TRACE 2026-03-17T06:08:06,195 [main] [com.ca.eiam.SafeCache] submitEvent - Enter : args[DelieveryHost = wcc.example.com, Identity = EiamAdmin, Action = issueCertificate, Resource = WCC0004, ErrorCode = 0]
TRACE 2026-03-17T06:08:06,196 [main] [com.ca.eiam.SafeContext] privAuthorizeWithSession - Enter : params[SafeSession session,Action=submit,ResuorceClass=SafeEvent,Resuorce=issueCertificate,List namedattrq,Date when,List identityq,Delegator=null,Locked=false,Debug=false,CheckOnly=false]
TRACE 2026-03-17T06:08:06,196 [main] [com.ca.eiam.SafeCache] getMatchingPolicyQ - ExplicitDeny = true, Identity = EiamAdmin, Action = submit, ResourceClass = SafeEvent, Resource = issueCertificate, Return policyq size = 0
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeCache] getMatchingPolicyQ - ExplicitDeny = false, Identity = EiamAdmin, Action = submit, ResourceClass = SafeEvent, Resource = issueCertificate, Return policyq size = 1
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeContext] privAuthorizeWithSession - Leave : retval, Result true
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeCache] submitCustomEvent - Enter : args[DelieveryHost = wcc.example.com, object: SafeEvent]
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeSAF] writeEventIntoSaf - Event stored in the saf file @ 750
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeCache] submitCustomEvent - Leave : args[DelieveryHost = wcc.example.com, object: SafeEvent]
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeCache] submitEvent - Leave : args[DelieveryHost = wcc.example.com, Identity = EiamAdmin, Action = issueCertificate, Resource = WCC0004, ErrorCode = 0]
TRACE 2026-03-17T06:08:06,197 [main] [com.ca.eiam.SafeContext] issueCertificate: leave [retval: certificate]
TRACE 2026-03-17T06:08:06,197 [m_evtthread] [com.ca.eiam.SafeSAF] getNextEventFromSaf - Read event from file. event length - 747
TRACE 2026-03-17T06:08:06,204 [m_evtthread] [com.ca.eiam.SafeCache] sendoutEvents - Event successfully submitted to server
TRACE 2026-03-17T06:08:06,204 [m_evtthread] [com.ca.eiam.SafeSAF] updateIDX - Event successfully submitted to server.
TRACE 2026-03-17T06:08:06,204 [m_evtthread] [com.ca.eiam.SafeSAF] getNextEventFromSaf - No new events retrieved, resetting inSaf file's position to 750
DEBUG 2026-03-17T06:08:06,209 [main] [com.ca.eiam.SafeCertificateWriter] SafeCertificateWriter::writeToPEM: successful
DEBUG 2026-03-17T06:08:06,209 [main] [com.ca.eiam.SafeCertificateWriter] SafeCertificateWriter::writeToPEM: successful [certfile: /tmp/temp.key, keyfile: /tmp/temp.pem]

 

Which is then used to attach to EEM. However, the below denotes an error trying to attach to EEM using the newly generated cert.

TRACE 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] addPozNode - Enter : params [poz_node=wcc.example.com]
DEBUG 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] addPozNode - poz_node=wcc.example.com, poz_nodes=[wcc.example.com]
TRACE 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] addPozNode - Leave
TRACE 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] setProductInstance - Enter : params[ProductInstance=PozAdmin]
TRACE 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] setProductInstance - Leave
TRACE 2026-03-17T06:08:06,305 [main] [com.ca.eiam.poz.PozFactory] authenticateWithIclient - Enter : params[Iclient icl]
TRACE 2026-03-17T06:08:06,308 [main] [com.ca.eiam.poz.PozFactory] authenticateWithIclient - Leave : retval=true
TRACE 2026-03-17T06:08:06,308 [main] [com.ca.eiam.poz.PozFactory] attachPoz - Enter
 INFO 2026-03-17T06:08:06,309 [main] [com.ca.eiam.poz.PozFactory] attachPoz - calling iclient.runMethod[Sponsor=iPoz,Method=ClientAttach] for host wcc.example.com
DEBUG 2026-03-17T06:08:06,342 [main] [com.ca.eiam.poz.PozFactory] attachPoz - attach completed with 
ERROR 2026-03-17T06:08:06,343 [main] [com.ca.eiam.poz.PozFactory] attachPoz - exception
com.ca.eiam.poz.PozException: PozFactory.attach: unable to attach
 at com.ca.eiam.poz.PozFactory.attachPoz(PozFactory.java:402) [Safe.jar:?]

Resolution

Under this scenario, the issue was due to Default Global Attach policy within EEM and was resolved by setting it to All identities

  • Login to EEM Global Application as eiamadmin
  • Manage Access Policies
  • Scoping Policies
  • Default Global Attach policy
  • Click on DefaultGlobalAttach Policy
  • Ensure All Identities is added.
  • Save the Policy

Finally, retry the upgrade

Powered by Wolken Software