Error Message Indicates Failed To Authenticate

Problem:

An error message appears that includes the following text:

Failed to authenticate

A “failed to authenticate” error message indicates that the Enterprise Manager was able to connect to either the Enterprise Manager Agent Web application installed on every system server that communicates with the Enterprise Manager regarding any configuration changes or alarm messages for the relevant server. (EMA) or Recorder Manager (RM) application on a managed server Server that is managed by the Enterprise Manager application., but that the EMA or RM could not authenticate the Enterprise Manager connection.

This error may appear in the System logs or on these Enterprise Manager tabs:

• System Management > Enterprise > Settings

• System Management Module that allows performing suite-wide system management activities from a single, Web-based application, the Enterprise Manager. > Enterprise > Configuration Status

• System Monitoring > System Monitor > Alarm Status

Solution:

A failed to authenticate error message usually appears because of one of these two problems:

• The EMA on the managed server cannot connect to the Enterprise Manager because of a firewall or network configuration issue.

• The Enterprise Manager location settings to which the managed server has access do not match the settings in the Enterprise Manager Location tab.

To solve either of these problems, you must know the connectivity settings specified for the Enterprise Manager application in the Enterprise Manager Location tab.

To view these settings, select System Management > General Settings > Enterprise Manager Location. The Enterprise Manager listens for connections from managed servers on the server name and port specified in the Enterprise Manager Location tab, as discussed in Security (Authentication and Authorization).

Network Configuration Issues

Network configuration issues are one possible cause of a failed to authenticate error message.

To complete the authentication process, all networks that are between the managed server and the Enterprise Manager application must allow communication on the port specified in the Enterprise Manager Location tab. For example, if a firewall anywhere between the managed server and the Enterprise Manager blocks HTTP communication on the port (default 80) specified in the Enterprise Manager Location tab, the EMA on the managed server cannot connect to the Enterprise Manager to complete the authentication process. The inability to complete this connection results in the failed to authenticate message. Ensure that all networks and firewalls between the managed server and the Enterprise Manager allow HTTP communications to the server name and port specified in the Enterprise Manager Location tab.

Enterprise Manager Location Settings

Incorrect Enterprise Manager Location settings are a second possible cause of a failed to authenticate error message.

The authentication process can also fail if the Enterprise Manager location settings stored in the AuthConfig.xml file on the managed server are different from those specified in the System Management > General Settings > Enterprise Manager Location tab. A managed server uses the Enterprise Manager location settings specified in the AuthConfig.xml file to connect to the Enterprise Manager to complete the authentication process.

Use the procedure below to view the AuthConfig.xml file on the managed server to ensure that the Enterprise Manager location values specified in that file match those specified in the Enterprise Manager Location tab.

1. Use the Remote Desktop Connection tool to access the managed server. (From the Windows desktop, select Start > Programs > Accessories > Remote Desktop Connection).

2. Use a text editor or web browser to open the AuthConfig.xml file on the managed server. The AuthConfig.xml file is in the following location on the managed server:

   <install directory>\software\Conf\applications\AuthConfig.xml

3. In the AuthConfig.xml file, ensure that the values for the following XML tags Time-stamped information items appended to interactions at different points of interest, including Annotations and Events. match the corresponding values in the Enterprise Manager Location tab, as described below:

   • The value of the <Primary-Server-Host> XML property tag must match the value of the EM Server Name field in the Enterprise Manager Location tab.

   • The value of the <Primary-Server-Port> XML property tag must match the value of the Port Number field in the Enterprise Manager Location tab.

   • The value of the <Primary-Server-SSLPort> XML property tag must match the value of the HTTPS Port Number field in the Enterprise Manager Location tab.

   • The value of the <Primary-Server-Context> XML property tag must match the value of the Context field in the Enterprise Manager Location tab.

     If the value of an XML property tag does not match the corresponding value in the Enterprise Manager Location tab, use an XML or text editor to edit the value in the AuthConfig.xml file so that it matches the corresponding value in the Enterprise Manager Location tab.

4. If you changed the AuthConfig.xml file, save the file.

To test the settings specified for the XML tags in the AuthConfig.xml file, construct a URL consisting of the values provided for the XML property tags in the AuthConfig.xml, as indicated below:

http://<Primary-Server-Host>/<Primary-Server-Context> -or-

https://<Primary-Server-Host>/<Primary-Server-Context>

For example: http://emserver/wfo

Enter the URL in a web browser. If you can access the Enterprise Manager successfully using a URL constructed from the values specified in the AuthConfig.xml file, the managed server should be able to successfully authenticate with the Enterprise Manager. If you continue to see a failed to authenticate error message, check the logs on the EM or RM for other error messages.