
Cannot login to new Operator console in UIM 20.3 - Invalid Credentials error


Article ID: 203667


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We updated a UIM 9.2 to 20.3 and installed a new Operator Console on another Robot. The new OC web seems to work fine, but we can't log in; it just displays Invalid Credentials.

I can log in to the Infrastructure Manager with administrator and my LDAP user, but not to the OC. This happens to all the users.

I imported the .pem file from the UIM to the OC and configured the robot with the path

Nov 17 18:02:57:244 ERROR [http-nio-80-exec-9, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User '[email protected]' login failed 
Nov 17 18:02:57:244 ERROR [http-nio-80-exec-9, com.firehunter.ump.auth.NmsAuth] Login failed for [email protected]: javax.security.auth.login.FailedLoginException: login failed 
Nov 17 18:03:11:123 ERROR [http-nio-80-exec-7, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'administrator' login failed 
Nov 17 18:03:11:123 ERROR [http-nio-80-exec-7, com.firehunter.ump.auth.NmsAuth] Login failed for administrator: javax.security.auth.login.FailedLoginException: login failed 
Nov 17 18:04:09:412 ERROR [http-nio-80-exec-10, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'XX123456' login failed 
Nov 17 18:04:09:412 ERROR [http-nio-80-exec-10, com.firehunter.ump.auth.NmsAuth] Login failed for XX123456: javax.security.auth.login.FailedLoginException: login failed 
Nov 17 18:07:50:619 ERROR [http-nio-80-exec-5, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'test' login failed 
...
Nov 17 18:32:39:754 ERROR [http-nio-80-exec-10, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'XX123456' login failed 
Nov 17 18:32:39:754 ERROR [http-nio-80-exec-10, com.firehunter.ump.auth.NmsAuth] Login failed for XX123456: javax.security.auth.login.FailedLoginException: login failed 
Nov 17 18:59:38:991 INFO  [main, com.nimsoft.nimbus.NimProbe] ****************[ Restart ]**************** 
Nov 17 18:59:38:991 INFO  [main, com.nimsoft.nimbus.NimProbe] ****************[ Starting ]**************** 
Nov 17 18:59:38:991 INFO  [main, com.nimsoft.nimbus.NimProbe] 20.30 
Nov 17 18:59:38:991 INFO  [main, com.nimsoft.nimbus.NimProbe] Nimsoft 
Nov 17 18:59:38:991 INFO  [main, com.nimsoft.nimbus.NimProbe] port=48009 
Nov 17 19:07:43:184 ERROR [http-nio-80-exec-4, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'XX123456' login failed 
Nov 17 19:07:43:184 ERROR [http-nio-80-exec-4, com.firehunter.ump.auth.NmsAuth] Login failed for XX123456: javax.security.auth.login.FailedLoginException: login failed 
...
Nov 17 19:08:28:053 ERROR [http-nio-80-exec-9, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'Administrator' login failed 
Nov 17 19:08:28:053 ERROR [http-nio-80-exec-9, com.firehunter.ump.auth.NmsAuth] Login failed for Administrator: javax.security.auth.login.FailedLoginException: login failed 
...

Environment

Release : 20.3/20.3.1

Component : UIM - OPERATOR CONSOLE

Primary hub

- Robot v9.32
- Hub 9.31 on the Primary hub

- UIM 20.3.1
- OC on separate standalone robot
- cabi 4.30 is red and not started

Cause

- The hub login was set to 'Local Machine only'. It must have been changed at some point, since the upgrade to 9.30/9.31 does not cause it.

Resolution

No changes were made to the hub LDAP configuration which was previously working.

LDAP connection test was successful. IM login works as well.

Note that mon_config_service and _recon were present so we deactivated them since they should only be on the Primary hub.

Another robot with OC installed had mon_config_service and _recon as well, so we deactivated those probes.

OC was working, but a System Component Missing error was shown (Falta un componente del sistema).

We tried logging in to the Operator Console to test it and see what errors were displayed. It just returned to the same OC page and showed 'Invalid Credentials.'

In the browser developer tools, under Network, after pressing Ctrl-R and trying to log in as an LDAP user, we saw an HTTP 403 (Forbidden) error. The Console tab showed the same error.

In this case, multiple Operator Consoles had been installed to try to work around any connection issues, in case there was a problem connecting to the hub, since neither the LDAP user nor the Administrator user could log in. The ‘working’ OC, where you could log in, was on the Primary hub.

We tested login from the Operator Console again, this time as the Administrator user, which had also been failing, and we checked hub.log at loglevel 6, where we could see an error:

   Hub: login – denied; local login only (id=administrator ip=10.xxx.xxx.xxx)
   Login: failed for administrator, ip = 10.xxx.xxx.xxx

This error occurs when the hub is set to "Local login only" instead of "Normal (login allowed)".

We are not sure why this was set – maybe it occurred after the hub upgrade, but it was not reproducible in the lab using hub 9.30/9.31.

So we set it to Normal (login allowed) and clicked OK. Then we tried to log in to the Operator Console again as Administrator while the browser developer tools were open.

This time we were able to log in to OC as the Administrator.

But now there was a different error concerning the System Component, because cabi was not up and running. The browser dev tool window displayed: "Error retrieving cabi info: Error: Request failed with status code 503."

LDAP user login worked fine now as well, but the System Component error displays on the CABI Home page because the cabi installation was not completed. The cabi 4.30 probe was red/not running on the robot where it was installed for the OC.

We deactivated the cabi probe v4.30.

We then activated it, and it was able to get a port and a PID.

As per the cabi.log:

extracting cabi installer…

The wasp status was active as per the log.

But then the cabi probe failed and displayed red.

The cabi log showed errors; cabi 4.30 would not install:

[main, cabi] nimEx.getCode()=4, nimEx.getMsgForCode()=not found, nimEx.getMessage()=Received status (4) on response (for sendRcv) for cmd = 'probe_config_get' name = 'wasp'
Nov 23 10:37:34:680 [main, cabi] ignoring the message as the key might not net set; logging it for tracking later 
Nov 23 10:37:34:682 [main, cabi] activating wasp...
Nov 23 10:37:34:685 [main, cabi] ... activated wasp  [time taken=0 minute(s) 0 second(s) (3 ms)]
Nov 23 10:37:34:685 [main, cabi] (42) , CABI installer failed with exit code=1
Nov 23 10:37:34:685 [main, cabi] setting the lastInstallStatus=4
Nov 23 10:37:34:686 [main, cabi] successfully set the lastInstallStatus=4
Nov 23 10:37:34:687 [main, cabi] srcFilePath=D:\Apps\Nimsoft\probes\service\cabi\cabi.log, srcFilePath.exists=true, tgtFilePath=D:\Apps\Nimsoft\probes\service\cabi\cabi_install_archive.log, tgtFilePath.exists=true
Nov 23 10:37:35:669 [8752] Controller: Probe 'cabi' (command = <startup java>) returns no-restart code (42)

So the CABI installation failed.

But the issue with accessing Operator Console was resolved.

The customer had already created another case for the cabi installation problem.

We cited the following KB article, which gives the solution for uninstalling and reinstalling CABI:

https://knowledge.broadcom.com/external/article/133769/unable-to-install-bundled-cabi-41-receiv.html

The customer was running MS SQL Server 2008, which is not supported by 20.3.

As per:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/installing/product-compatibility/ca-uim-compatibility-matrix.html#concept.dita_3e0b025267e987b38f84e5c201b1b6f9da447ad5_ComponentSupportMatrix

In UIM 20.3x, MS SQL Server 2012, 2014, 2016 and 2017 are supported.

Additional Information

If you're using MS SQL Server with Windows Authentication, follow the instructions here to set up Windows auth for OC:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/installing/Install-Operator-Console-(OC).html#concept.dita_6b8d37c4-53be-4991-803a-452a8824caec_MicrosoftSQLServerWindowsAuthenticationOnlySetupWindowsAuthenticationinOC

Please also pay close attention to the section:
(Microsoft SQL Server Windows Authentication Only) Set up Windows Authentication in OC

For MS SQL with Active Directory (AD) Authentication, change the logon account on the OC robot to the same account and password used in the data_engine and the Primary hub/UIM server. That user should also be in the Administrators group, with the correct permissions.


Here is some sample evidence to look for in the wasp.log entries for this scenario:

Nov 30 14:26:41:622 ERROR [main, com.nimsoft.nimbus.probe.service.wasp.Probe] com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'XYZ\OXXXXXXXX001$'. ClientConnectionId:8f4a29d9-1838-4f1a-af31-762215eb399a
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:258)
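
The three log signatures quoted in this article (the wasp.log login failures, the hub.log 'local login only' denial, and the SQL Server login failure in wasp.log) point to different causes and can be told apart mechanically. The Python triage below is an added example, not Broadcom tooling; the function name, sample users, IP address and host name are constructed, and it assumes the log lines keep the wording shown above.

```python
import re
from collections import Counter

# Patterns follow the wording of the log lines quoted in this article.
WASP_FAIL = re.compile(r"LoginModule\] login\(\) User '([^']+)' login failed")
HUB_LOCAL = re.compile(r"login\s*[-\u2013]\s*denied; local login only \(id=(\S+) ip=([^)\s]+)\)")
SQL_FAIL = re.compile(r"SQLServerException: Login failed for user '([^']+)'")

# Constructed sample lines (users, IP address and host name are made up).
SAMPLE = [
    "Nov 17 18:03:11:123 ERROR [http-nio-80-exec-7, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'administrator' login failed",
    "Nov 17 18:04:09:412 ERROR [http-nio-80-exec-10, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'jdoe' login failed",
    "Nov 17 18:04:10:001 ERROR [http-nio-80-exec-10, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] login() User 'Administrator' login failed",
    "Hub: login \u2013 denied; local login only (id=administrator ip=10.0.0.5)",
    "Nov 30 14:26:41:622 ERROR [main, com.nimsoft.nimbus.probe.service.wasp.Probe] com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'EXAMPLE\\OCHOST01$'.",
]

def triage(lines):
    """Classify OC login failures by the log signature that explains them."""
    failed = Counter()     # wasp.log: users rejected by the OC login module
    hub_denied = []        # hub.log: (id, ip) refused by 'local login only'
    sql_accounts = set()   # wasp.log: accounts rejected by SQL Server
    for line in lines:
        if m := WASP_FAIL.search(line):
            failed[m.group(1).lower()] += 1
        elif m := HUB_LOCAL.search(line):
            hub_denied.append((m.group(1), m.group(2)))
        elif m := SQL_FAIL.search(line):
            sql_accounts.add(m.group(1))
    findings = []
    if hub_denied:
        findings.append("hub login is restricted to the local machine; set it to 'Normal (login allowed)'")
    # A trailing '$' marks an AD computer account, i.e. the connection did not
    # use the data_engine logon account this article asks for (interpretation).
    if any(acct.endswith("$") for acct in sql_accounts):
        findings.append("wasp reached SQL Server as a machine account; check the OC robot logon account")
    # Several different users failing at once is unlikely to be a password problem.
    if len(failed) > 1 and not findings:
        findings.append("several users rejected with no cause in these lines; check hub.log at loglevel 6")
    return {"failed_users": dict(failed), "hub_denied": hub_denied, "findings": findings}

if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print(finding)
```

Feed it the combined lines of wasp.log and hub.log from the OC robot and the hub; the hub denial only appears once hub.log is at the loglevel used in the Resolution section.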
