Symantec Access Management

Tech Tip : CA Single Sign-On : Impossible login on AdminUI

  • 1.  Tech Tip : CA Single Sign-On : Impossible login on AdminUI

    Broadcom Employee
    Posted May 20, 2019 05:25 AM

    Issue:


    We're running an AdminUI and after having changed the external
    Administrator password, we can't login anymore in the AdminUI.

     

    How can we solve this ?

     

    Environment:

     

    AdminUI 12.8
    Policy Server 12.8

     

    Resolution:


    You can modify the connection password for the External Admin Store as
    provided by our documentation :

     

    Update External Administrator Store Credentials

     

    If the Administrative UI credentials for the external administrator
    store change, submit the new credentials to the Administrative
    UI. Otherwise the administrators lose access.

     

    If you installed the Administrative UI using the stand-alone option,
    that is, with the embedded JBoss server, the following utilities are
    available:

     

    LDAP: The smjndisetup utility to update the directory server user
    account credentials.

     

    To update the directory server host system name or port information,
    use the Administrative UI to recreate the connection to the external
    administrator store. The smjndisetup utility cannot update host or
    port information.

     

    Update Directory Server Credentials

     

    Update directory manager credentials with the smjndisetup utility.

     

    Note: The smjndisetup utility can only update connection details
    that were configured using the Administrative UI. You cannot use the
    smjndisetup utility to create the connection credentials. Follow
    these steps:

     

    Log in to the Administrative UI host system.

     

    Navigate to administrative_ui_home\CA\siteminder\adminui\bin.
    administrative_ui_home specifies the Administrative UI installation
    path.

     

    Run the following command:

    smjndisetup.bat --reset-password

     

    Do one of the following tasks:

    Type the new directory user and press Enter.
    Press Enter to accept the default user name.
    Type the new password and press Enter.
    Type y and press Enter.

     

    The utility restarts the Administrative UI service. The utility also
    updates the new directory connection details.

     

    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/policy-server-configuration/administrators/configure-an-external-administrator-store#ConfigureanExternalAdministratorStore

     

    Make sure you have applied the modification requested on this KD :

     

    javax.naming.NamingException: LDAP response read timed out error in adminui server.log

     

    https://comm.support.ca.com/kb/javaxnamingnamingexception-ldap-response-read-timed-out-error-in-adminui-serverlog/kb000005972

     

    KB : KB000132390