How can I correct ERROR: Failed to get ssl credentials. (44569) when DH connects to DMS ?
search cancel

How can I correct ERROR: Failed to get ssl credentials. (44569) when DH connects to DMS ?

book

Article ID: 4794

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

We had to reinstall the ENTM embedded endpoint. We totally removed the endpoint and we then reinstalled it, and we imported the DMS and DH from text, but after doing so, and even if the DH__ and DH__WRITER are subscribed to the DMS, when running sepmd -L DH__WRITER we are getting the following

sepmd -L DH__WRITER CA ControlMinder sepmd v12.81.0.1912 - Policy Model management 

Copyright (c) 2013 CA. All rights reserved. 

Initial offset:      0 
Last offset:         9353072 

Subscriber                             Errors    Flag     Offset   Next command ==========                             =======   ======   =======  ============ 
Queue: ac_server_to_server (DMS)        0       Unavail  0        setoptions is_dh+ 

and nothing is actually sent to the DH__WRITER, so that no policy is deployed to the endpoints

Doing

sepmd -e DH__WRITER

We get 


02 Dec 16 12:02:16 (DH__WRITER): Queue: ac_server_to_server (DMS) setoptions is_dh+ 0 Retry 
ERROR: Failed to get ssl credentials. (44569) 

and setting the DMS/DH__WRITER by specifying debug_mode = 1 in the corresponding pmd.ini file produces the following message in the  endpoint_managment.log? 

12/05/[email protected]:36:31 ACMQ COMPONENT(0xf7ddf8e0): [INTERNAL ERROR]: ACMQ_Init failed on line: 709 with error: 'Failed to get ACMQ credentials; Error code: 44549' 
12/05/[email protected]:36:31 ACMQ COMPONENT(0xf7ddf8e0): [INFORMATION]: ACMQ_Terminate [1248]: 'Terminate connection to Distribution Server' 

 

Environment

CA PÃŽM 12.X ENTM with embedded endpoint in Windows or Linux

Cause

This is caused by an incorrect or missing communications password on the ACMQ server side.

When the embedded endpoint was removed, the server communications password file, stored in /opt/CA/AccessControlShared/data/.acmqserver.dat was not recreated. 

Running dmsmgr or other endpoint-related commands do not recreate the encrypted hashed password for the ACMQ server. Hence, the DH__WRITER, even though subscribed to the DMS will not be able to sync to it.

 

Resolution

To recreate the server password in the ENTM environment you need to run

 

sechkey -t -server -w <pwd>

 

 

where <pwd> is your communications password, the one that was specified at installation time. After this the /opt/CA/AccessControlShared/data/.acmqserver.dat should be recreated and the system should be able to synchronize.

Powered by Wolken Software