After changing the EEM certificate length, user gets error logging into ITAM. "You entered an invalid user name and password combination. Click here to log in to the product again."

Document ID : KB000018731
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

User changes the EEM certificate Key length from default (1024) to 2048.

EEM 12.51 implementation guide is followed to modify the key length.

After modification, APM login fails.

Error Statement:
"You entered an invalid user name and password combination.
Click here to log in to the product again."

Solution:

EEM certificate for APM application should be run again, following the steps below.

Steps
(Follow these after the modification of the key length on EEM)

For APM 12.6/12.8 versions:

Login to APM Application Server

Go to

               \CA\ITAM\Application Server\bin\
               Copy
               CA.Common.Data.dll.config
 
               and Paste to
               \CA\ITAM\InstallConfig\AlleghenyInstallFiles\EEMSetup\EEMCertUtilities

In the Command prompt navigate to

               \CA\ITAM\InstallConfig\AlleghenyInstallFiles\EEMSetup\EEMCertUtilities
     

Run the below command with relevant parameters.

               EEMCertUtilities.exe  APM eiamadmin  uapmadmin
               
               Substitute:
                 - EEM server hostname
                 - EEM admin password
                
               Sample command: (assuming EEM is installed in Application Server)
               
               EEMCertUtilities.exe localhost APM eiamadmin dummy12# uapmadmin               

The execution of this command should not throw any error.

APM login will be successful now.

For APM 12.9 version:

Login to EEM server machine.

Copy 'EEMCertUtilities' folder from APM 12.9 DVD (Path: DVD\EEMSetup\EEMCertUtilities), to a Temp folder in EEM server machine.

Login to APM Web Server.

Copy

\CA\ITAM\Web Server\bin\CA.Common.LoadConfigurationAttributes.dll.config
 

and Paste the file into 'EEMCertUtilities' folder in EEM server machine.

In the EEM server machine, use the Command prompt to navigate to the copied (EEMCertUtilities) folder.

Run the below command with relevant parameters.

               EEMCertUtilities.exe <EEMServerName> APM eiamadmin <EEM login PASSWORD> uapmadmin
               
               Substitute:
                <EEMServerName> - EEM server hostname (local host in this case)
                <EEM login PASSWORD> - EEM admin password
                
               Sample command: 
               
               EEMCertUtilities.exe localhost APM eiamadmin dummy12# uapmadmin               

APM login will be successful now.

Note:
These steps need to be followed whenever EEM certificate is changed. (Key Length or Algorithm)

If APM is Integrated with CA Service Catalog and/or CA IT Process Manager then:

For CA Service Catalog,
User needs to unregister the Service Catalog application from EEM and re-launch the setup utility to register EEM.

For CA IT Process Manager,
User needs to reconfigure PAM by launching the installer and register EEM to make the PAM application work.