Client Automation - getCertFromCBB: failed to get read cert file

Article ID: 5698

Products

CA Client Automation - IT Client Manager

CA Client Automation

Issue/Introduction

AM Agent or SD Agent is not working properly.

In the logs (e.g. TRC_AMAGENT*.log), the following errors can be seen:

amagent   |cbbcstor        |cbbcstor            |000000|ERROR  | getCertFromCBB: failed to get read cert file
amagent   |cbbkstor        |cbbkstor            |000000|ERROR  | CSecretStore::retrieveSecret: cbbcstor.ff27f6a7459ecb80f066f3ace25ae361c36b7697: not found
amagent   |cfNetwork       |CTLSLayer.cpp       |000292|ERROR  | CTLSLayer::ClientHandshake: Unable to load TLS Provider for client
amagent   |cfNetwork       |CCFNetConnection.cpp|000548|ERROR  | CCFNetConnection::NegotiateEncryptedChannel: Unable to negotiate a TLS channel with the peer
amagent   |cfFTClientAPI   |                    |000000|ERROR  | CFTClientNotifier::Notify - Received unableToConnect notification!

Cause

This problem can occur when the itcm-self-signed certificate is misconfigured in the file CBB\certstor.dat, for example:

  • Missing certificate
  • Wrong Computer Name

Environment

Client Automation - All Versions

Resolution

  • Edit the file C:\Program Files (x86)\CA\SC\CBB\certstor.dat with Notepad (or /opt/CA/SharedComponents/CBB/certstor.dat on Linux/Unix).
  • Remove all blocks like this one (with OU=itcm-self-signed):

id=cert.ff27f6a7459ecb80f066f3ace25ae361c36b7697

data=

subj "CN=computername,OU=itcm-self-signed,O=ca" sn "02" skid "ff27f6a7459ecb80f066f3ace25ae361c36b7697" from 1475288865l to 1506914865l auth pvkey file "/opt/CA/SharedComponents/CBB/certdb/364AAF687A892A7FF6A95A9CBF18D5845798DA0D.der"

end

 

  • Check that the computer name is correct in the following block. If it is not, correct the name.

id=tag.itcm-anonymous

data=

CN=computer name,OU=itcm-self-signed,O=ca

end

  • Execute this command:

cacertutil list -v
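
A read-only pre-check for the steps above, as an added example (not CA/Broadcom tooling): it parses text in the id=/data=/end block layout shown in this article, lists the cert.* blocks that carry OU=itcm-self-signed, and extracts the CN from tag.itcm-anonymous so it can be compared with the expected computer name. The function names, the sample store, the cert. id prefix test and the case-insensitive name comparison are assumptions.

```python
import re

# Constructed sample in the block layout shown in this article (not a real store).
SAMPLE = """\
id=cert.aaaa1111
data=
subj "CN=oldhost,OU=itcm-self-signed,O=ca" sn "02" skid "aaaa1111"
end
id=cert.bbbb2222
data=
subj "CN=rootca,OU=example,O=ca" sn "01" skid "bbbb2222"
end
id=tag.itcm-anonymous
data=
CN=oldhost,OU=itcm-self-signed,O=ca
end
"""

def split_store(text):
    """Return (kept_text, removed_ids, tag_cn) for certstor.dat-style text."""
    kept, removed, block, tag_cn = [], [], None, None
    for line in text.splitlines(keepends=True):
        if line.strip().startswith("id="):
            kept.extend(block or [])          # unterminated block: keep it untouched
            block = [line]
        elif block is None:
            kept.append(line)                 # text outside any block is preserved
        else:
            block.append(line)
            if line.strip() == "end":
                block_id, body = block[0].strip()[3:], "".join(block)
                if block_id == "tag.itcm-anonymous":
                    m = re.search(r"CN=([^,\n]+),OU=itcm-self-signed", body)
                    tag_cn = m.group(1) if m else None
                if block_id.startswith("cert.") and "OU=itcm-self-signed" in body:
                    removed.append(block_id)  # block the article says to delete
                else:
                    kept.extend(block)
                block = None
    kept.extend(block or [])
    return "".join(kept), removed, tag_cn

def cn_matches(tag_cn, hostname):
    # Assumption: computer names are compared case-insensitively.
    return tag_cn is not None and tag_cn.strip().lower() == hostname.strip().lower()

if __name__ == "__main__":
    _, removed, tag_cn = split_store(SAMPLE)
    print("remove:", removed, "| tag CN:", tag_cn, "| ok:", cn_matches(tag_cn, "newhost"))
```

To use it on a real agent, pass the contents of a copy of certstor.dat to split_store() and compare the returned CN with the machine's computer name; the functions never write to the store.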