Client Automation - getCertFromCBB: failed to get read cert file
Article ID: 5698
Updated On:
Products
CA Client Automation - IT Client Manager
CA Client Automation
Issue/Introduction
AM Agent or SD Agent is not working properly.
In the logs (ex: TRC_AMAGENT*.log) following error could be seen :
amagent |cbbcstor |cbbcstor |000000|ERROR | getCertFromCBB: failed to get read cert file
amagent |cbbkstor |cbbkstor |000000|ERROR | CSecretStore::retrieveSecret: cbbcstor.ff27f6a7459ecb80f066f3ace25ae361c36b7697: not found
amagent |cfNetwork |CTLSLayer.cpp |000292|ERROR | CTLSLayer::ClientHandshake: Unable to load TLS Provider for client
amagent |cfNetwork |CCFNetConnection.cpp|000548|ERROR | CCFNetConnection::NegotiateEncryptedChannel: Unable to negotiate a TLS channel with the peer
amagent |cfFTClientAPI | |000000|ERROR | CFTClientNotifier::Notify - Received unableToConnect notification!
Cause
This problem could be caused if there is a wrong configuration for itcm-self-signed certificate in the file CBB\certstor.dat. For example :
- Missing certificate
- Wrong Computer Name
Environment
Client Automation - All Versions
Resolution
- Edit the file C:\Program Files (x86)\CA\SC\CBB\certstor.dat with notepad (or /opt/CA/SharedComponents/CBB/certstor.dat on Linux/Unix)
- Remove all blocks like this (with OU=itcm-sefl-signed)
id=cert.ff27f6a7459ecb80f066f3ace25ae361c36b7697
data=
subj "CN=computername,OU=itcm-self-signed,O=ca" sn "02" skid "ff27f6a7459ecb80f066f3ace25ae361c36b7697" from 1475288865l to 1506914865l auth pvkey file "/opt/CA/SharedComponents/CBB/certdb/364AAF687A892A7FF6A95A9CBF18D5845798DA0D.der"
end
- Check if computer name is correct in block. Otherwise correct the name.
id=tag.itcm-anonymous
data=
CN=computer name,OU=itcm-self-signed,O=ca
end
- Execute this command
cacertutil list -v
Feedback
Powered by
