After AE upgrade Web Services jobs fail with 'User Authentication Failure' and HTTP 401 1034

Document ID : KB000116299
Last Modified Date : 28/09/2018
Show Technical Document Details
Issue:
 After upgrading to Autosys 11.3.6 SP7, Web Service calls below receive authentication failures for all users:
- Trigger jobs (Start job)
- /AEWS/job-run-info  
- /AEWS/job  
- /AEWS/machine  

The following errors are seen in the logs:
-------------------------------------------------------
- waae-webservices_access_log shows: 

49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034 
49.9.11.68 - - [26/Sep/2018:14:26:36 -0400] "POST /AEWS/event/start-job HTTP/1.1" 401 1034 

- waae_webservices_wrapper log shows; 

2018/09/26 14:26:36 | 26-Sep-2018 14:26:36.512 WARNING [https-jxxx-aaa-9443-exec-3] com.ca.eiam.jaas.EiamLoginModule.authenticateWithPassword User authentication failure. User: user3@company.com 


 
Resolution:
 On machine where Web Server is running do the following:

Go to $AUTOSYS/bin 
Run ./safex -munge <EiamAdmin_Password> and note the output. (Sub in the actual password for the EiamAdmin user in EEM) 
Go to $AUTOUSER 
Open eiam.ws.config and look for these lines… 

   <Authentication type="password"> 
   <!-- input for password based authentication --> 
   <UserAuth> 
   <Username>EiamAdmin</Username> 
   <Password>JSQXHREEHAMC</Password> 
   </UserAuth> 
   <!-- --> 

Make sure the value in the <Password>XXXXXXX</Password> tag matches the output from the safex -munge command. If they do not, edit the value in the eiam.ws.config file to match the safex command output and then restart the Web Server. 

There have been cases where an upgrade changes the munged password entry in the eiam.ws.config file to a wrong value. When that happens, all user authorizations start failing because the Web Server can no longer access EEM. 
It is not visible in the normal Web Services logs, EEM client tracing would need to be enabled to see this.