This knowledge article is subject to the DISCLAIMER provided at the bottom.
We recently exported our EEM policies from our old server and imported them into EEM on a brand new server. When we go to autosys_secure to regenerate certificates, we get the following error:
CA WAAE Security Utility
CAUAJM_E_60204 The instance is running under CA EEM security control but CA EEM is not available.
Do you wish to regenerate the CA EEM certificate and attempt to reconnect? [1(yes)/0(no)]: 1
CAUAJM_I_60150 Attempting to regenerate the CA EEM certificate and reconnect to the CA EEM server.
Input the CA EEM server name(s) (or hit enter to cancel): new_eem_server
CAUAJM_E_60152 You must specify the CA EEM server names previously used to enable external security.
CAUAJM_E_60199 Unable to generate the CA EEM certificate. See previous error messages for details.
CAUAJM_E_60203 Program aborting due to an invalid security environment.
CA Workload Automation AE r11.3.6+
Run the following SQL query against your AEDB:
delete from aedbadmin.ujo_keymaster where hostid = 'SECURITY';
update aedbadmin.ujo_alamode set int_val=0 where type = 'JOB';
update aedbadmin.ujo_alamode set int_val=0 where type = 'EVT';
delete from aedbadmin.ujo_alamode where type = 'SEC';
delete from ujo_keymaster where hostid = 'SECURITY';
update ujo_alamode set int_val=0 where type = 'JOB';
update ujo_alamode set int_val=0 where type = 'EVT';
delete from ujo_alamode where type = 'SEC';
Then restart your application server.
DISCLAIMER: The procedure documented herein bypasses the WAAE external security (Embedded Entitlements Manager a.k.a EEM) and hence all security authorization policies setup in EEM for the WAAE instance in question will NOT be available until external security is reactivated. Ensure the WAAE Application server(s) and Scheduler(s) are stopped before carrying out this procedure so that no unauthorized actions (autorep, sendevent, etc) are processed whilst the WAAE instance security is being reset.