Previous Topic: Cannot Import ac-dir.xml Directory Configuration FileNext Topic: Question Marks Appear in CA ControlMinder Enterprise Management Tabs


CA ControlMinder Enterprise Management Cannot Connect to DMS

Symptom:

When I log in to CA ControlMinder Enterprise Management, I receive a message similar to the following:

Error: Login procedure failed
Error: Password on target does not match client's password

Solution:

The user ac_entm_pers cannot log in to the DMS. This user authenticates communication and data flow between the Enterprise Management Server and the DMS.

Note: The ac_entm_pers user has the following authorization attributes: ADMIN, AUDITOR, IGN_HOL, LOGICAL

To troubleshoot this problem, do the following:

  1. Open selang.
  2. Connect to the DMS:
    host DMS__@entM_host_name 
    
  3. Change the password for ac_entm_pers:
    eu ac_entm_pers admin auditor nonative password(password) logical nonative grace-
    
  4. Authorize ac_entm_pers to log in to the host on which the Enterprise Management Server is installed:
    authorize TERMINAL entM_host_name uid(ac_entm_pers) access(a)
    
  5. Validate that ac_entm_pers can log in to the Enterprise Management Server:
    host DMS_@entM_host_name uid(ac_entm_pers) password(password) logical
    
  6. Update the Enterprise Management Server DMS connection settings with the new password for ac_entm_pers.

    The DMS authenticates ac_entm_pers and CA ControlMinder Enterprise Management is connected to the DMS.

    Note: For more information about how to configure the connection to the DMS, see the CA ControlMinder Enterprise Management Online Help.

If you receive an error when you update the connection settings, the DMS cannot authenticate ac_entm_pers. To troubleshoot this problem, do the following:

  1. Verify that you entered the same password in each step of the previous procedure.
  2. Verify that the host name of the Enterprise Management Server (entM_host_name) in Step 4 of the previous procedure is correct.

    For example, if you specify the fully qualified host name of the Enterprise Management Server in Step 4, but the TERMINAL record for the Enterprise Management Server uses a short host name, the host names are not resolved and ac_entm_pers cannot log in to the Enterprise Management Server.

  3. Review the CA ControlMinder audit file:
    seaudit -a
    
  4. Review the DMS audit file:
    seaudit -a -fn DMS_log_file
    

    Note: The audit records may provide information about the correct host name of the TERMINAL record for the Enterprise Management Server.

Example: Display the DMS Audit File

The following example displays the audit file for a DMS named DMS__:

seaudit -a -fn "C:\Program Files\CA\AccessControlServer\APMS\AccessControl\Data\DMS__\pmd.audit"

More information:

Configure the Connection to the DMS