Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Patch Manager > Certificate error message displays when logging in to Patch Manager

Certificate error message displays when logging in to Patch Manager

 

Overview

The following error message displays when logging in to Patch Manager, indicating that the Patch Manager certificate is not validating:

Warning:

"Patch Manager Server Certificate Validation

Result: Failed"

Error:

"Private key is inaccessible for user account '<Some_Account>'"

 

You can execute the following to validate the Private Key permissions:

C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe /provisionserver /type primary

After you execute the code, there is no improvement

Environment

Patch Manager 2.1 and later

Cause 

The account used for the EminentWare Data Grid Server service cannot access the Patch Manager certificate.

After you execute setuphelper.exe to validate the Private key permissions, there is a mismatch in the Primary Application Server.

Resolution

Before you run the procedures below, verify the following:
  1. Verify the Private Key permissions on the EminentWare CA and EminentWare Server certificate's private keys.
    1. Drag and drop the certificates into the Personal store.
    2. Right click each certificate and select All Tasks > Manage Private Keys.
    3. Verify that the EminentWare DataGrid Server Service account has full permissions to the private key.
    4. Verify that the account is explicitly configured with permissions.

      If the permissions are adjusted, the updated certificate should be moved back to its original certificate store.

  2. Verify that the account configured to start the EminentWare DataGrid Server service is set in the form DOMAIN\AccountName.
  3. Verify if you ran the following code:

    C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe /provisionserver /type primary

    If not, run the code.

 
If these verifications do not clear the error, perform the following steps:
  1. Run mmc.exe.
  2. Click File > Add Remove/Snap-in... Add Certificates.
  3. Select Computer account and click Next.
  4. Click Finish, and then click OK.
  5. Go to Trusted Root Certification Authorities > Certificates.
  6. Delete EminentWare Certificates.
  7. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry.
  8. Open SQL Management Studio and clear the record for PAS from dbo.gc_device and dbo.device for the Primary and Automation databases.

    If this step fails with an error, you may need to uninstall and reinstall Patch Manager.

  9. Run:

    setuphelper /provisionserver /type primary

  10. Reset the Patch Manager password.
    1. Go to Patch Manager System Configuration > Security and User Management.
    2. Select Credentials and then click Change Password.
  11. Go to Patch Manager System Configuration > Patch Manager Servers.
  12. Click Patch Manager Server Wizard.
  13. Register the Primary Server.
 
 
If an additional Automation server exists, re-provision the Automation Server.
  1. Run mmc.exe.
  2. Click File > Add Remove/Snap-in... Add Certificates.
  3. Select Computer account, and click Next.
  4. Click Finish, and then click OK.
  5. Go to Trusted Root Certification Authorities -> Certificates and delete EminentWare Certificates.
  6. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry.
  7. Open SQL Management Studio.
  8. Clear the record for Automation from dbo.gc_device and dbo.device on the Primary and Automation databases.
  9. Run:
    setuphelper /provisionserver /type automation.
  10. Reset the password in Patch Manager.
    1. Go to Patch Manager System Configuration > Security and User Management.
    2. Select Credentials and then click Change Password.
  11. Go to Patch Manager System Configuration > Patch Manager Servers.
  12. Click Patch Manager Server Wizard.
  13. Register the Automation Server.

If this procedure does not resolve the issue and the service is running as a domain account, log in to the Primary Application Server to run the setup helper using that account.

 

 

Last modified

Tags

Classifications

Public