APM Password encryption Utility Usage
Article ID: 139049
Updated On:
Products
Issue/Introduction
The mdbadmin user is a user defined in the backend database server to access the given MDB database. Occasionally, the mdbadmin's password needs to be reset on the given DB Server for a variety of reasons.
This article discusses where the mdbadmin user credentials are stored and how to encrypt for a new password configuration.
Environment
Release : 14.1 and higher
Component : CA Asset Portfolio Management
Resolution
There are two methods to encrypt the mdbadmin password. Both methods are unique and apply to different aspects of the ITAM installation.
Method 1:
One will need the ITAM install media (ISO file or DVD)
- Mount the ISO or load the DVD for the ITAM install
- Assuming the install media is located on the F Drive, go to an Admin command prompt and cd to "F:\products\ITAM\Setups\CASM"
- Run the following command:
java -jar stringencrypter.jar [EXAMPLE PASSWORD]
Change "[EXAMPLE PASSWORD]" to be the password for the mdbadmin user in SQL Server. You may also need to include the path to the java.exe as part of the command
An output will present such as this:
F:\products\ITAM\Setups\CASM>"C:\Program Files (x86)\CA\ITAM\OpenJdk11\bin\java.exe" -jar stringencrypter.jar [EXAMPLE PASSWORD]
log4j:WARN No appenders could be found for logger (com.ca.crypto.impl.EncryptionUtil).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
ciphered text : XXXXXXXXX
- Copy the ciphered text string (ie: XXXXXXXXX).
Method 2:
Use the APM Password encryption utility, which can be downloaded in the files attached to this KB Article. File of interest is 1599158575305__RO72722.caz. Please review the following link for access to CAZIPXP.EXE to extract the CAZ zip file. You can also try this link as well to download cazipxp.exe. Alternatively, the file can be located in the install files from any RU or main system install instance. File "cazipxp.exe" is located under the RU install location, under filestore\utils\ApplyPTF or filestore\utils\CAZIP.
When following Method 2, please keep the following in mind:
- Please read the 1599158591276__RO72722.txt file that is attached to the KB Article for full details on how to extract and run the APM Password encryption utility
- The 1599158575305__RO72722.caz file is NOT a traditional patch that involves using ApplyPTF. There is no mention of using ApplyPTF to open/run a CAZ or JCL file, and is an unnecessary step.
- To summarize the procedure of Method 2, following the steps described in 1599158591276__RO72722.txt file
- Use cazipxp.exe to open/extract the 1599158575305__RO72722.caz file in a temp folder
- Run the "APM Password Encryption.exe" that is created which will create a folder called "APM Password Encryption"
- Access the "APM Password Encryption" folder, which will contain the "Password_Encryption.exe" file
- Run "Password_Encryption.exe" will then present with a GUI that will allow you to run password encryptions.
- You can also run this entire procedure on ANY Windows PC, including any that do not have ITAM present, to familiarize yourself with the utility.
- Sample output of running the "Password_Encryption.exe"
The mdbadmin password is located in the following places and uses two different methods to encrypt the database:
Method 1 is used in these locations:
- The db_credentials.xml file. File is located in C:\Program Files (x86)\CA\SharedComponents\CASM\Conf\db
Method 2 is used in these locations:
- DbPassword configuration setting in table al_cdb_configurationparameters. Run the following DB level query
SELECT * FROM [mdb].[dbo].[al_cdb_configurationparameters] where configkey = 'DbPassword'
- The CA.Common.LoadConfigurationAttributes.dll.config file. The file is located in these areas of ITAM's install directory.
C:\Program Files (x86)\CA\ITAM\Hardware Engine\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Registration Service\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Application Server\bin\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Data Importer Engine\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Event Service\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Export Service\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Hardware Engine\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Import Driver\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Import Processor\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Import Service\bin\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\LDAP Import Sync Service\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Registration Service\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Storage Manager Service\bin\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\WCF Service\bin\CA.Common.LoadConfigurationAttributes.dll.config
C:\Program Files (x86)\CA\ITAM\Web Server\bin\CA.Common.LoadConfigurationAttributes.dll.config - The CA.Common.Data.dll.config file. The file is located in these areas of ITAM's install directory.
C:\Program Files (x86)\CA\ITAM\Export Service\CA.Common.Data.dll.config (note: This file uses the "sa" credentials and not "mdbadmin")
C:\Program Files (x86)\CA\ITAM\LDAP Import Sync Service\CA.Common.Data.dll.config
C:\Program Files (x86)\CA\ITAM\Storage Manager Service\bin\CA.Common.Data.dll.config
C:\Program Files (x86)\CA\ITAM\Web Server\bin\CA.Common.Data.dll.config
Additional Information
If the mdbadmin password was changed at the DB level, without modifying the above, the web UI may present with an error such as this:
Server Error in '/ITAM' Application.
Login failed for user 'mdbadmin'.
Attachments
Feedback
