The GUI cannot connect to Cell Manager: “Unable to get Authentication token. Check if Appserver is running.”

  • KM03076738R
  • 19-Jan-2018
  • 19-Jan-2018

This document is under revision.

Summary

The Data Protector GUI is unable to correctly authenticate in the DP IDB.

Error

SYMPTOMS

Data Protector GUI shows error message “Unable to get Authentication token. Check if Appserver is running.”

 

SCOPE

All supported Data Protector CM platforms from Data Protector 10.00 forward.

Cause

The Data Protector GUI is unable to correctly authenticate in the Data Protector Internal Database.

Fix

RESOLUTION

Reset password for user “master_admin” and “DpKeycloakUser” on Keycloak server and change password for this user in IDB.

 

  1. Create keycloak master user in order to access Keycloak server and change “master_admin” and “DpKeycloakUser” user password.

a.      In

Win: “C:\Program Files\OmniBack\AppServer\bin”

UNIX: /opt/omni/AppServer/bin

run

Win: “add-user-keycloak.bat -r master -u username -p password

UNIX: ./add-user-keycloak.sh --sc /etc/opt/omni/server/AppServer -r master -u username -p password

username and password can be selected, for example master_dpuser / PassMaster

The result should be:

Win: “Added 'master_dpuser' to 'C:\ProgramData\OmniBack\Config\Server\AppServer\keycloak-add-user.json', restart server to load user”

UNIX: “Added 'master_dpuser' to '/etc/opt/omni/server/AppServer/keycloak-add-user.json', restart server to load user”

b.      Restart only Data Protector Application Server (hpdp-as)

  1. Open web browser and navigate to https://cellManagerFQDN:7116/auth/admin and enter “username” and “password” from step 1.

 

  1. In the upward left corner expand DataProtector and select Master realm. Then change the password for the user.

a.      In left pane select “Users” and then press “View all users”.

b.      In the list, click on the “ID” of user “master_admin”.

c.      Open “Credentials” tab, where you can enter new password and set “Temporary” switch to OFF.
Press “Reset Password” and confirm new password by pressing “Change password” button to confirm password change.

  1. Now in left-up corner where “Master” sign is and select “DataProtector” realm. Repeat the steps 3 a-c to change password for user “dpkeycloakuser” in “DataProtector” realm.

 

  1. Create SQL script file with the following content and save it in a file, for example scriptname.sql.

delete from dp_keycloak_tokens;

delete from dp_config_host_credentials;

delete from dp_config_host;

 

 

  1. Execute the created SQL script:

“omnidbutil -run_script scriptname.sql –detail”

  1. Go back to CLI and run following command

-        “omnidbutil -add_restuser_cred -server cellManagerFQDN -user master_admin -pass newMasterAdminPassword
newMasterAdminPassword” is the password as set in step 3 c)

-        “omnidbutil -add_restuser_cred -server cellManagerFQDN -user DpKeycloakUser -pass newMasterAdminPassword
newMasterAdminPassword” is the password as set in step 4 c)

-        If command goes through, you will get “DONE”

  1. Restart Data Protector Application Server