3 Replies Latest reply on Sep 26, 2019 10:24 PM by sabari yadavilli

    PCO - Authentication error for managed systems

    Srinivasan Krishnasamy
      Share This:

      Lately I have been seeing this issue in Patrol Agents 10.0 and above, where they are throwing an authentication error when added in PCO console.  However, I never faced this issue in PA 9.6. I am aware that the default account password encryption changes in PA v10.0 and greater and I have also applied the changes to the agents via PCM. However, the original user name and password still is the same for all versions of the PA. I am just not sure why this authentication error just affects these agents in PCO only. I am able to login to all these individual servers with the same Uname and Password. Even after it prompts for the credentials in the PCO, it doesnt work. But the same credentials works when I login via putty.

       

      Regards

      Srini

        • 1. Re: PCO - Authentication error for managed systems
          sabari yadavilli

          Hi Srini,

           

          Can you please clarify is this issue occurring for particular account, means the account used for the UNIX/Linux servers, or on windows servers too, or it is random.

           

          you can check in the Impersonation and aliasing of the user in the PCO administration console. once added the account to alias then it should work.

          May be there is managed group in the PCO admin console and verify that group, add this server to that managed group, automatically this issue will get resolved.

           

          for more check in the patrol gent error logs.

           

           

          Regards

          Sabari Yadavilli

          • 2. Re: PCO - Authentication error for managed systems
            Srinivasan Krishnasamy

            Hi Sabari

             

            First of  all, thanks for the response.

             

            However I have tried all the above mentioned steps prior to raising this issue in here. Let me explain the complete scenario. It might be a long read.

             

            This issue happens on patrol agents installed on flavors of unix servers and the agent version is 10.0 or greater. We recently did a rollout and added 100+ servers into existing monitoring under BPPM 9.6. The existing patrol infra had agents with v9.6. The patrol service account was s-patrol and the password was abcd1234 ( Changed ). We had no issue in viewing the existing agents in the PCO console which means the alias and impersonation entries are already present.

             

            Roll out scenario - since the 9.6 agent was not compatible with the latest OS versions, we deployed 11.3.02 patrol agents in this rollout across all servers. RHEL, Solaris, AIX and windows. Windows agents have a different domain service account - so discarding that. Coming to the unix servers, we had created the same service account with the same pwd ( used in existing servers ). There is a change in the encryption tech used in PA 10.0 and greater. So we had to change the default account rule alone. Other than that, all the other rules remained the same. We created the default account rule using "set default account " option via PCM. There new encrypted password was created as a rule and we used that to deploy on all 11.3.02 agents. We also verified the password using the pwd_encrypt utility available in the agent server.

             

            Monitoring is working fine - checked in BPPM console - data collection, alerts etc are all normal. However, when it comes to PCO, the managed system always throws authentication error. Even if I manually input the username and password, it is not working. But I am able to login to the same server with the same credentials where the agent is deployed. I also tried using a different set of credentials as well, but in vain. Nothing works.

             

            I created new entries in alias and impersonation table using the new encrypted pwd and then restarted the console server and tried. Still no luck.

             

            admincli -c abc.test.net -user patrol -pwd C6D36B -table alias -op add  -name s-patrol-linux-new-epass -login s-patrol -epass C2C890

            admincli -c abc.test.net -user patrol -pwd C6D36B -table imp -op add -u_pat patrol -s_pat PATROL_AGENT_CO* -m_pat PATROL_CSERVER_abc* -alias s-patrol-linux-new-epass

             

            I also tried using the normal password instead of epass as well. Tried using * instead of mentioning the username, service name and MLM names as well. No luck.

             

            Thanks in advance. sabari yadavilli

            • 3. Re: PCO - Authentication error for managed systems
              sabari yadavilli

              HI Srini,

               

              seems below link might help you to resolve your issue on authentication of agent in Linux environment.

               

              Console Server to Agent authentication fails when using PAM after PATROL Agent upgraded from to version 10.7 or above

               

              Regards

              Sabari Yadavilli