Automic Workload Automation

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

check your uc4config.xml file under the awi config folder, more info should be in the logs under WebInterface\osgi-tmp\0.  You can also check if a login attempt was made to the engine logs. 

Also, if you upgraded Java, make sure you have the trusted root in the Java cacerts for the JCP.

Original Message:
Sent: Mar 06, 2025 03:00 AM
From: Cristian Suciu
Subject: ACCESS DENIED in AWI of AE 24.3 after Upgrade.

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

uc4config.xml file is basically the same as the one for ae21. 
We can see the login attempts in both PWP log and JCP log.

In the JWP log we see issue:

20250306/093319.321 - 50     U00045033 Log on to LDAP server 'censored' with user 'censored'.
20250306/093319.397 - 50     U00045014 Exception 'javax.naming.CommunicationException: "censored"' at 'com.sun.jndi.ldap.Connection.<init>():252'.
20250306/093319.398 - 50     U00045015 The previous error was caused by 'java.net.SocketException: "Connection reset"' at 'java.net.SocketInputStream.read():186'.
20250306/093319.399 - 50     U00045040 LDAP check with logon user 'censored' failed.
20250306/093410.186 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093418.863 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/093428.790 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093438.964 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/100230.822 - U00011800 Disconnect User: Cannot find user '*CP005#00000017' in the table AKT-USER.
20250306/100537.616 - U00003234 Logon error: Access denied. (Connection='*CP005#00000018', host = 'censored', client = '')

check your uc4config.xml file under the awi config folder, more info should be in the logs under WebInterface\osgi-tmp\0.  You can also check if a login attempt was made to the engine logs. 

Also, if you upgraded Java, make sure you have the trusted root in the Java cacerts for the JCP.

Original Message:
Sent: Mar 06, 2025 03:00 AM
From: Cristian Suciu
Subject: ACCESS DENIED in AWI of AE 24.3 after Upgrade.

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

Try copying the ae engine certs from your v21 installation over to the v24 engine and restart the engine.  make sure the keys added in to the jdk11 cacerts are in the jdk17 cacerts, otherwise try using the previous jdk11 installation to get it started. Did the agents start up - SQL_Agent / DB_Service?  Have a look at the log for those and see if you find an untrusted connection error.  

Is the servicemanager service running as the correct user if you are using Windows? 

uc4config.xml file is basically the same as the one for ae21. 
We can see the login attempts in both PWP log and JCP log.

In the JWP log we see issue:

20250306/093319.321 - 50     U00045033 Log on to LDAP server 'censored' with user 'censored'.
20250306/093319.397 - 50     U00045014 Exception 'javax.naming.CommunicationException: "censored"' at 'com.sun.jndi.ldap.Connection.<init>():252'.
20250306/093319.398 - 50     U00045015 The previous error was caused by 'java.net.SocketException: "Connection reset"' at 'java.net.SocketInputStream.read():186'.
20250306/093319.399 - 50     U00045040 LDAP check with logon user 'censored' failed.
20250306/093410.186 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093418.863 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/093428.790 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093438.964 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/100230.822 - U00011800 Disconnect User: Cannot find user '*CP005#00000017' in the table AKT-USER.
20250306/100537.616 - U00003234 Logon error: Access denied. (Connection='*CP005#00000018', host = 'censored', client = '')

check your uc4config.xml file under the awi config folder, more info should be in the logs under WebInterface\osgi-tmp\0.  You can also check if a login attempt was made to the engine logs. 

Also, if you upgraded Java, make sure you have the trusted root in the Java cacerts for the JCP.

Original Message:
Sent: Mar 06, 2025 03:00 AM
From: Cristian Suciu
Subject: ACCESS DENIED in AWI of AE 24.3 after Upgrade.

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

We were able to start DB_SERVICE and SQL_AGENT but the Linux agent is still going down with the following error:

U02000313 Communication error with partner 'censored:8448', error: 'PKIX path building failed: unable to find valid certification path to requested target'.

I managed to log int client 0 with UC user but with our LDAP users I am unable to log in.

Try copying the ae engine certs from your v21 installation over to the v24 engine and restart the engine.  make sure the keys added in to the jdk11 cacerts are in the jdk17 cacerts, otherwise try using the previous jdk11 installation to get it started. Did the agents start up - SQL_Agent / DB_Service?  Have a look at the log for those and see if you find an untrusted connection error.  

Is the servicemanager service running as the correct user if you are using Windows? 

uc4config.xml file is basically the same as the one for ae21. 
We can see the login attempts in both PWP log and JCP log.

In the JWP log we see issue:

20250306/093319.321 - 50     U00045033 Log on to LDAP server 'censored' with user 'censored'.
20250306/093319.397 - 50     U00045014 Exception 'javax.naming.CommunicationException: "censored"' at 'com.sun.jndi.ldap.Connection.<init>():252'.
20250306/093319.398 - 50     U00045015 The previous error was caused by 'java.net.SocketException: "Connection reset"' at 'java.net.SocketInputStream.read():186'.
20250306/093319.399 - 50     U00045040 LDAP check with logon user 'censored' failed.
20250306/093410.186 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093418.863 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/093428.790 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093438.964 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/100230.822 - U00011800 Disconnect User: Cannot find user '*CP005#00000017' in the table AKT-USER.
20250306/100537.616 - U00003234 Logon error: Access denied. (Connection='*CP005#00000018', host = 'censored', client = '')

check your uc4config.xml file under the awi config folder, more info should be in the logs under WebInterface\osgi-tmp\0.  You can also check if a login attempt was made to the engine logs. 

Also, if you upgraded Java, make sure you have the trusted root in the Java cacerts for the JCP.

Original Message:
Sent: Mar 06, 2025 03:00 AM
From: Cristian Suciu
Subject: ACCESS DENIED in AWI of AE 24.3 after Upgrade.

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

We were able to start DB_SERVICE and SQL_AGENT but the Linux agent is still going down with the following error:

U02000313 Communication error with partner 'censored:8448', error: 'PKIX path building failed: unable to find valid certification path to requested target'.

I managed to log int client 0 with UC user but with our LDAP users I am unable to log in.

Try copying the ae engine certs from your v21 installation over to the v24 engine and restart the engine.  make sure the keys added in to the jdk11 cacerts are in the jdk17 cacerts, otherwise try using the previous jdk11 installation to get it started. Did the agents start up - SQL_Agent / DB_Service?  Have a look at the log for those and see if you find an untrusted connection error.  

Is the servicemanager service running as the correct user if you are using Windows? 

uc4config.xml file is basically the same as the one for ae21. 
We can see the login attempts in both PWP log and JCP log.

In the JWP log we see issue:

20250306/093319.321 - 50     U00045033 Log on to LDAP server 'censored' with user 'censored'.
20250306/093319.397 - 50     U00045014 Exception 'javax.naming.CommunicationException: "censored"' at 'com.sun.jndi.ldap.Connection.<init>():252'.
20250306/093319.398 - 50     U00045015 The previous error was caused by 'java.net.SocketException: "Connection reset"' at 'java.net.SocketInputStream.read():186'.
20250306/093319.399 - 50     U00045040 LDAP check with logon user 'censored' failed.
20250306/093410.186 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093418.863 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/093428.790 - 50     U00029407 Public key mismatch in CSR request from Agent: 'ORACLE'
20250306/093438.964 - 50     U00029407 Public key mismatch in CSR request from Agent: 'DB_SERVICE'
20250306/100230.822 - U00011800 Disconnect User: Cannot find user '*CP005#00000017' in the table AKT-USER.
20250306/100537.616 - U00003234 Logon error: Access denied. (Connection='*CP005#00000018', host = 'censored', client = '')

check your uc4config.xml file under the awi config folder, more info should be in the logs under WebInterface\osgi-tmp\0.  You can also check if a login attempt was made to the engine logs. 

Also, if you upgraded Java, make sure you have the trusted root in the Java cacerts for the JCP.

Original Message:
Sent: Mar 06, 2025 03:00 AM
From: Cristian Suciu
Subject: ACCESS DENIED in AWI of AE 24.3 after Upgrade.

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in. 

We upgraded AE to version 24.3 and we are getting access denied in our AWI when trying to log in.