
Certificate error message displays when logging in to Patch Manager

Updated July 24, 2018

Overview

The following error message displays when logging in to Patch Manager, indicating that the Patch Manager certificate is not validating:

Warning:

"Patch Manager Server Certificate Validation

Result: Failed"

Error:

"Private key is inaccessible for user account '<Some_Account>'"

 

You can run the following command to validate the private key permissions:

"C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe" /provisionserver /type primary

After you run the command, there is no improvement.

Environment

Patch Manager 2.1 and later

Cause 

  • The account used for the EminentWare Data Grid Server service cannot access the Patch Manager certificate.
  • After you execute setuphelper.exe to validate the Private key permissions, there is a mismatch in the Primary Application Server.
  • If using a service account, a GPO policy might be blocking access to the Local Trusted Root store.

Resolution

Before you perform the steps below, verify the following:
  1. Verify the Private Key permissions on the EminentWare CA and EminentWare Server certificate's private keys.
    1. Drag and drop the certificates into the Personal store.
    2. Right click each certificate and select All Tasks > Manage Private Keys.
    3. Verify that the EminentWare DataGrid Server Service account has full permissions to the private key.
    4. Verify that the account is explicitly configured with permissions.

      If the permissions are adjusted, the updated certificate should be moved back to its original certificate store.

  2. Verify that the account configured to start the EminentWare DataGrid Server service is set in the form DOMAIN\AccountName
  3. If using a service account, a GPO policy might be blocking access to the Local Trusted Root store. Use a domain admin account to test this hypothesis. Refer to How to change Patch manager Service account.
  4. Verify whether you ran the following command:

    "C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe" /provisionserver /type primary

    If not, run the command.
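
A read-only PowerShell check for verification item 1 above, added here as an example and not SolarWinds code: it reports whether the service logon account has an explicit Full Control entry on each EminentWare certificate's private key file. It assumes the service display name and the certificate subjects contain "EminentWare", and that the keys are RSA keys in the default machine key folders.

```powershell
# Added example (not SolarWinds code). Read-only; run from an elevated PowerShell session.
# Assumptions: service display name and certificate subjects contain "EminentWare".
$svc = Get-CimInstance Win32_Service -Filter "DisplayName LIKE '%EminentWare%'" |
    Select-Object -First 1
if (-not $svc) { throw 'No service with a display name containing EminentWare was found.' }

# Normalize the logon account so it can be resolved to a SID.
$account = $svc.StartName
if ($account -eq 'LocalSystem') { $account = 'NT AUTHORITY\SYSTEM' }
if ($account -like '.\*') { $account = "$env:COMPUTERNAME\" + $account.Substring(2) }
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
    [System.Security.Principal.SecurityIdentifier])

# CNG keys and legacy CSP keys are stored in different machine-level folders.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
$full = [int][System.Security.AccessControl.FileSystemRights]::FullControl

Get-ChildItem Cert:\LocalMachine -Recurse |
  Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                 $_.Subject -like '*EminentWare*' -and $_.HasPrivateKey } |
  ForEach-Object {
    $cert = $_
    $result = [ordered]@{
        Store = ($cert.PSParentPath -split '\\')[-1]; Subject = $cert.Subject
        Account = $account; KeyFile = $null; ExplicitFullControl = $false }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        $name = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName }
                else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
        $result.KeyFile = $keyDirs | ForEach-Object { Join-Path $_ $name } |
            Where-Object { Test-Path $_ } | Select-Object -First 1
        if ($result.KeyFile) {
            # Explicit (non-inherited) Allow rules for the service account's SID.
            $rules = (Get-Acl $result.KeyFile).GetAccessRules($true, $false,
                [System.Security.Principal.SecurityIdentifier])
            $result.ExplicitFullControl = [bool]($rules | Where-Object {
                $_.IdentityReference.Value -eq $sid.Value -and
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band $full) -eq $full })
        }
    } catch { $result.KeyFile = "Unreadable: $($_.Exception.Message)" }
    [pscustomobject]$result
  }
```

A row with ExplicitFullControl set to False, or a KeyFile value starting with "Unreadable", points at the certificate whose private key permissions need attention in Manage Private Keys.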

 
If the above verifications do not clear the error, perform the following steps:
  1. Run mmc.exe.
  2. Click File > Add/Remove Snap-in..., and then add Certificates.
  3. Select Computer account and click Next.
  4. Click Finish, and then click OK.
  5. Go to Trusted Root Certification Authorities > Certificates.
  6. Delete EminentWare Certificates.
  7. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry key.
  8. Open SQL Management Studio and clear the record for PAS from dbo.gc_device and dbo.device for the Primary and Automation databases.

    If this step fails with an error, you may need to uninstall and reinstall Patch Manager.

  9. Run:

    setuphelper /provisionserver /type primary

  10. Reset the Patch Manager password.
    1. Go to Patch Manager System Configuration > Security and User Management.
    2. Select Credentials and then click Change Password.
  11. Go to Patch Manager System Configuration > Patch Manager Servers.
  12. Click Patch Manager Server Wizard.
  13. Register the Primary Server.
 
 
If an additional Automation server exists, re-provision the Automation Server.
  1. Run mmc.exe.
  2. Click File > Add/Remove Snap-in..., and then add Certificates.
  3. Select Computer account, and click Next.
  4. Click Finish, and then click OK.
  5. Go to Trusted Root Certification Authorities > Certificates and delete EminentWare Certificates.
  6. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry key.
  7. Open SQL Management Studio.
  8. Clear the record for Automation from dbo.gc_device and dbo.device on the Primary and Automation databases.
  9. Run:

    setuphelper /provisionserver /type automation

  10. Reset the password in Patch Manager.
    1. Go to Patch Manager System Configuration > Security and User Management.
    2. Select Credentials and then click Change Password.
  11. Go to Patch Manager System Configuration > Patch Manager Servers.
  12. Click Patch Manager Server Wizard.
  13. Register the Automation Server.

If this procedure does not resolve the issue and the service is running as a domain account, log in to the Primary Application Server to run the setup helper using that account.

 

 
