Casa fails after modifying certificates with novell-zenworks-configure or after zman server-restore

  • Document ID:7005781
  • Creation Date:19-Apr-2010
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      ZENworks Configuration Management

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3

Situation

After running novell-zenworks-configure to modify certificates (due to server DNS name change, expired certificates etc.) or after running zman to restore a server from backup, CASA fails to authenticate.
 
casa ats server log (External CASA) shows this:

2010-04-07 13:03:03,590 WARN authtoksvc.SessionToken getSecureTokenUtilObj()-
Exception caught, message = Keystore was tampered with, or password was
incorrect

zenserver log (Embedded CASA) shows this:

2010-04-07 13:03:17,770 INFO [ClientAddr=192.168.0.30] Authenticate Rpc,
Status=INTERNAL_ERROR
 
client logs show this:

[DEBUG] [04/07/2010 21:14:04.480] [1520] [ZenworksWindowsService] [25] []
[CommonCasa] [] [ObtainAuthToken took exception: -939589600 System.Exception:
-939589600
   at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String
sHost, WinLuid luid)
   at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID,
String RealmName, String

Resolution

This is fixed in version 10.3.1 - see KB 7006265 "ZENworks Configuration Management 10.3.1 - update information and list of fixes" which can be found at http:\\www.novell.com\support
 
Workaround for prior version:
 
NOTE:  For Linux servers, confirm correct ownership of modified files!
 

Manual Workaround Steps:

casa_crypto.properties Path (Windows)
---------------------------------------

External CASA -
%ZENWORKS_HOME\share\ats\catalinabase\webapps\CasaAuthTokenSvc\WEB-INF\classes\casa_crypto.properties

Embedded CASA -
%ZENWORKS_HOME\share\tomcat\webapps\CasaAuthTokenSvc\WEB-INF\classes\casa_crypto.properties


casa_crypto.properties Path (Linux)
-------------------------------------
External CASA -
/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/classes/casa_crypto.properties

Embedded CASA -
/opt/novell/zenworks/share/tomcat/webapps/CasaAuthTokenSvc/WEB-INF/classes/casa_crypto.properties

Passphrase file Path
------------------------
Windows - %ZENWORKS_HOME\conf\security\passphrase.txt
Linux - /etc/opt/novell/zenworks/security/passphrase.txt

serverConfig file Path
--------------------------
Windows - %ZENWORKS_HOME\conf\security\serverConfig.xml
Linux - /etc/opt/novell/zenworks/security/serverConfig.xml


Open the Passphrase file and note the password in it. It is a single line file with just the password.

 Open the serverConfig file and note the Alias (contained within <Alias> ...<\Alias> tags)

Edit the casa_crypto.properties files (both external and embedded) and change the following:
  - com.novell.casa.authtoksvc.crypto.keystore.password value to the password noted from passphrase file
  - com.novell.casa.authtoksvc.crypto.alias.password value to the password noted from passphrase file
  - com.novell.casa.authtoksvc.crypto.keystore.alias value to the alias noted from serverConfig file

Restart all services zenloader , zenserver , casa .