'Key Mismatch' error during discovery of agent (NETIQKB48756)

  • 7748756
  • 02-Feb-2007
  • 21-Jan-2011

Environment

NetIQ AppManager 6.x
NetIQ AppManager 7.0.x

Situation

Key mismatch error occurs during discovery of the agent.

Error: 'Key Mismatch'

Resolution

To resolve this issue:

  1. On the Management Server, open a command prompt and type in the following, then copy the results to text files:

              nqkeygenwindows -db databasename:sql_user:servername -info

  2. On the agent in question, open a command prompt and type in the following, then copy the results to text files:

              nqkeygenwindows -agentseclev

              nqkeygenwindows -agentinfo
  3. Compare the key checksum values to see if they are the same. If they are the same, check the NTFS permissions on the directory where the key is stored on the agent by opening Windows Explorer and navigating to the following path:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKey

  4. Insure that your service account has Full Access (or at least READ) permission to the key files. The 'LocalSystem' account and local administrators group will always have full permissions.

Cause

The netiqmc service account was Domain User and did not have READ permission to the key files. Discovery failed because the netiqmc process could read the keys stored under:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKey

Additional Information

Formerly known as NETIQKB48756